OWASP Southern Maryland
Welcome to the Southern Maryland chapter homepage. The chapter leader is Larry Conklin and David Sanborn.
Meeting Location Southern Maryland Higher Education Center 44219 Airport Road, Califorina, MD 20619 Next meeting is being planned Round One trivia Results 6 question possible 11 points possible, all question 2 points except movie question, 1 point only.
Angela 3 2nonprogrammers 5 no name 7 Buddha 7 Superbad 7 no name 7 no name 7 intelligence 5
1. What is passive research? A. It's when a pen tester conducts their work without much effort B. It alerts for situations such as database errors, which facilitates an organization to ensure confidentiality and integrity C. It's when security information is gathered about an organization from totally public sources, such as surfing the web D. It's exploring a network and its operating systems to get an idea of how it's all configured https://www.owasp.org/index.php/Testing:_Introduction_and_objectives
2. What was the first movie to feature computer hacking? WarGames
3. What does the following command achieve? Telnet <IP Address> <Port 80> HEAD /HTTP/1.0 a) This command returns the home page for the IP address specified b) This command opens a backdoor Telnet session to the IP address specified c) This command allows a hacker to determine the site’s security d) This command is bogus and will accomplish nothing https://books.google.com/books?id=N-4XDAAAQBAJ&pg=PT319&lpg=PT319&dq=telnet+ip+address+port+80+head+http/1.0&source=bl&ots=-kPqPRHEjG&sig=JEln91esv_wX5RH-u5Vf1j_gOiU&hl=en&sa=X&ved=0ahUKEwib0I2G1bnWAhVCSCYKHUKtBU0Q6AEIXzAJ#v=onepage&q=telnet%20ip%20address%20port%2080%20head%20http%2F1.0&f=false
4. Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test on? a) To determine who is the holder of the root account b) To perform a DoS attack c) To create needless SPAM d) To illicit a response back that will reveal information about email servers and how they treat undeliverable mail e) To evaluate the virus protection Answer https://www.aiotestking.com/ec-council/why-would-you-consider-sending-an-email-to-an-address-that-you-know-does-not-exist-within-the-company-you-are-performing-a-penetration-test-for/
5. Hacker believes application is vulnerable to SQL injection. Using SQL Blind injection finish this SQL Statement. http://newspaper.com/items.php?id=2 and ??????????? so he knows yes the application is vulnerable to blind SQL injection 1 = 1 Answer is here https://www.owasp.org/index.php/Blind_SQL_Injection Also https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Summary
6. What is the hacker trying to learn by adding each AND to the SQL statement “SELECT name FROM TableOne where id=2 “?
a) AND ('aa'=CONCAT('a','a')) b) AND 'a'='a'||'a' c) AND 'aa'='a'+'a'
Determine what database engine is being used by using SQL formatting Answer is here https://www.owasp.org/index.php/OWASP_Backend_Security_Project_DBMS_Fingerprint Also https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Fingerprinting_the_Database and http://www.sqlinjection.net/database-fingerprinting/
Everyone is welcome to join us at our chapter meetings.
Click here to join the local chapter mailing list.
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
You can follow us on Twitter as @somdowasp
Meeting Location Southern Maryland Higher Education Center 44219 Airport Road, Califorina, MD 20619 Date/Time: September 21, 2017, 6:00PM