The purpose of ISEA is to improve understanding of IT security so my first thought was that the OWASP Top 10 Risks is perfect for this so I’m going to explain the new 2010 release candidate list.

Here’s my talk abstract:
Introduction to web hacking. Information on how to detect, prevent and exploit the top ten most
common web vulnerabilities as specified by OWASP (Open Web Application Security Project). Practical
attack scenarios and demonstrations will be given for each of the classes of vulnerability. The 2010
OWASP Top 10 vulnerability classes are injection, cross site scripting (XSS), broken authentication
and session management, insecure direct object references, cross site request forgery (CSRF),
security misconfiguration, failure to restrict url access, unvalidated redirects and forwards,
insecure cryptographic storage, insufficient transport layer protection. Examples will be given in
PHP because it is the most common web language.


Interestingly enough, IIT is the Indian university joked about in the Dilbert cartoons, here’s a sample:

I’m setting up the Christchurch Information Security Group (CISG) ISIG Christchurch Chapter to help organise the local Information Security community. It’s a casual meeting for information security enthusiasts to network and collaborate on projects. Business, academic and amateur people are welcome.

When: 6.45pm, the last Thursday of the month, beginning Thursday 28th of January.

Where: Upstairs in the couch area at the Canterbury Innovation Incubator, 200 Armagh St.
The doors to the Canterbury Innovation Incubator will be locked. Press the doorbell inside the open roller doors or TXT 0272 646 959 for entry.

Questions and comments are welcome

Talk abstract: Ever wanted to web scan all of New Zealand but didn’t have the right tools? Me too, so I developed WhatWeb, a next generation website identification scanner. With stealth-mode turned all the way up to 11 it’s less intrusive than the Google crawler and eminently suitable for large scale internet scanning. Look foward to juicier web statistics than at NetCraft.com and a guided tour to the unindexed websites hidden among NZ’s 6 million allocated IPs. The web space is littered with voip phones, web cameras, printers, routers and bizzare devices to amaze and astound you. WhatWeb will be officially released at Kiwicon 2009.

Tools published at the Kiwicon conference:

• Whatweb – next generation webscanner. Whatweb homepage
• bing-ip2hosts – Enumerate hostnames from Bing.com for an IP address.
  Bing.com is Microsoft’s search engine which has an IP: search parameter. Homepage
• gggooglescan – Enumerate hostnames and URLs from Google.
  Features: antibot avoidance, search within a country, custom search appliance Homepage
• basedomainname – Extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. Homepage

Link to Kiwicon III presentations : https://kiwicon.org/presentations/#urbanadventurer