The Ha.ckers.org Hacking Challenges

As many of you have seen, I have a “Hackme” site set up to go along with my podcast, and specifically for the Hands On Series podcasts. Well, the current king of Web App Security blogging has set up a couple of hacker challenges on his site. The ones on my site are really focused toward teaching; the ones on ha.ckers.org are set up for the fun, the challenge and the bragging rights.

I have had the misfortune of being completely swamped in work during the start of these last two, but when the third is up, I'm cleaning my calendar, turning off cell phones and ignoring any unnecessary chats so I can beat it as quickly as possible and get listed in the top ten. Knowing rSnake, I may decide to put together a small MightySeek team to work together to increase our chances, but I will see how it plays out.

Go have fun, and test your skills.

Btw, #2 had a logic flaw, which really opens up the next one to additional scrutiny to see what's possible to find.

Evaluating Web Application Security Scanners

There's been a lot of discussion lately about an issue that's near and dear to my heart. The capabilities of web application security scanning are something I have been living and breathing for about 5 years with NT OBJECTives. At NTO I lead the development and research teams involved in building our own scanner, NTOSpider, and have been trying to increase what is possible to test for in an automated tool.

This is a really difficult and challenging issue, with a bunch of sub-issues that are fuzzy at best. I have high hopes for the WASSEC Project that's being hosted by the Web Application Security Consortium, because it's going to bring a bunch of us from the app sec tool vendor space and the web app sec community together to discuss the issue and attempt to come up with a good reference document on how to evaluate scanners.

I'm curious how we will be able to come up with any consensus, but with any luck and some hard work and compromise I think this could be a turning point in helping the public understand this issue.