SpoC 007 - Refresh Attacks list
AoC Candidate: Przemyslaw 'rezos' Skowron
Project coordinator: Dinis Cruz
Project Progress: 100% Complete (my part), Progress Page
Przemyslaw 'rezos' Skowron - Refresh Attacks List
My educational and professional background
I'm 24 year old system administrator/it security specialist with 6 years experience. Also I'm speaker at many different meetings about IT Security (e.g. at OWASP Poland Local Chapter in April 2007) and student Computer Science (last year).
Application security experience
I have 5 years experience in security audits. Mainly applications for linux/win32 platform, but since 2 years I'm _interested_ web security. I know many attacks vectors, what and how I can do it with security bug and how correct (e.g. changes in code, configuration or something else). In 2004 year I wrote my first article about bugs in code. Currently I preparing presentation at FIRST! OWASP Poland Local Chapter Meeting about "secure programming in practice".
Participation and leadership in open communities
I'm member of ISACA Poland and (I hope so!) OWASP Poland Local Chapter.
Objectives or ways in which you will meet the goal(s)
- flesh out any item complete from Attacks list
- complete any item which is not complete or is blank
- refresh Attacks list, everyday is new for new vectors attacks
Specific activities and who will carry out these activities
Security education for newbie, medium-advanced and advanced people. Currently mainly via presentation on ISACA Poland meetings. My protector in this education is Shadow (sorry, I don't know in this moment if I mind operate his (first/last)name).
Specific deliverables and a rough project schedule so we can track progress
My goals list (3 points) is good for make progress bar. First and second goals this is base what I want do it. Third goal is a little research working, but this is what I WANT do it in my life :)
Long-term vision for the project
If Attacks list is complete (9th July) in cycle on one year this work must be refresh. Very important is update Attacks list every time when you hired about new vector attacks. Why? Because when description about this news vector attacks is not complete, in the next year you don't must making 3 goals, just 2 (first and second). Perfectly when any new item at Attacks list is develop at moment emerge or even though max. 3 months for someone wrote it.
Any other reasons why you and your project should be selected
Why me? Because I have experience, skills, goodwill and free time. Why this project? Because this is strong base for education for any programmer, administrator and many others professionals. Knowledge attacks vectors... this is helpful for more secure not only (e-)world.