Southern Maryland

From OWASP

OWASP Southern Maryland

Welcome to the Southern Maryland chapter homepage. The chapter leaders are Larry Conklin and David Sanborn.

Local News

Meeting Location
 Southern Maryland Higher Education Center 44219 Airport Road, California, MD 20619
 Next meeting is being planned
 Round One Trivia Results
 6 questions, 11 points possible: all questions are worth 2 points except the movie question, which is worth 1 point only.
  Angela 3
  2nonprogrammers 5
  no name 7 
  Buddha 7
  Superbad 7
  no name 7
  no name 7
  intelligence 5
1.	What is passive research?
A.	It's when a pen tester conducts their work without much effort
B.	It alerts for situations such as database errors, which facilitates an organization to ensure confidentiality and integrity
C.	It's when security information is gathered about an organization from totally public sources, such as surfing the web
D.	It's exploring a network and its operating systems to get an idea of how it's all configured
       https://www.owasp.org/index.php/Testing:_Introduction_and_objectives 
2.	What was the first movie to feature computer hacking?
       WarGames
3.	What does the following command achieve? Telnet <IP Address> <Port 80> HEAD /HTTP/1.0
a)	This command returns the home page for the IP address specified
b)	This command opens a backdoor Telnet session to the IP address specified 
c)	This command allows a hacker to determine the site’s security
d)	This command is bogus and will accomplish nothing
https://books.google.com/books?id=N-4XDAAAQBAJ&pg=PT319&lpg=PT319&dq=telnet+ip+address+port+80+head+http/1.0&source=bl&ots=-kPqPRHEjG&sig=JEln91esv_wX5RH-u5Vf1j_gOiU&hl=en&sa=X&ved=0ahUKEwib0I2G1bnWAhVCSCYKHUKtBU0Q6AEIXzAJ#v=onepage&q=telnet%20ip%20address%20port%2080%20head%20http%2F1.0&f=false 
4.	Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test on?
a)	To determine who is the holder of the root account
b)	To perform a DoS attack
c)	To create needless SPAM
d)	To elicit a response back that will reveal information about email servers and how they treat undeliverable mail
e)	To evaluate the virus protection
       Answer https://www.aiotestking.com/ec-council/why-would-you-consider-sending-an-email-to-an-address-that-you-know-does-not-exist-within-the-company-you-are-performing-a-penetration-test-for/
5.	A hacker believes an application is vulnerable to SQL injection. Using blind SQL injection, finish this SQL statement so that he knows the application is vulnerable to blind SQL injection: http://newspaper.com/items.php?id=2 and ???????????
  1 = 1
  Answer is here https://www.owasp.org/index.php/Blind_SQL_Injection
  Also https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Summary
6.	What is the hacker trying to learn by adding each AND to the SQL statement "SELECT name FROM TableOne where id=2"?
  a)	AND ('aa'=CONCAT('a','a')) 
  b)	AND 'a'='a'||'a' 
  c)	AND 'aa'='a'+'a' 
  
Determine what database engine is being used by using SQL formatting
Answer is here https://www.owasp.org/index.php/OWASP_Backend_Security_Project_DBMS_Fingerprint
Also https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Fingerprinting_the_Database and 
http://www.sqlinjection.net/database-fingerprinting/


Everyone is welcome to join us at our chapter meetings.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.


Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

Twitter

You can follow us on Twitter as @somdowasp

Local News

Meeting Location
 Southern Maryland Higher Education Center 44219 Airport Road, California, MD 20619
Date/Time: 
 September 21, 2017, 6:00PM