I’m in lovely Budapest right now with work (Mindcamp). Every year Mindcamp does a company conference (sort of) with the employees. Last year was Toscana, this year Budapest. The idea with the week, aside from building a stronger common culture, is to have a week where we can spend time working on ideas that can be (but don’t have to be) related to work. We create a few tracks, and then group up. This was actually how the startup I’m working on/for, Konstrukt, was created. An idea child from a conference week a few years ago.
The tracks this year are:
R – Wiko’s track
Using R to work with real estate data.
Qlik in healthcare – Rasmus' track
Look into how we can add more value to healthcare with our specialist knowledge in healthcare & Qlik.
Qlik extensions – Tomas' track
The title describes it all 🙂
Security and web applications 101 – OWASP top ten – My track
Walk through the OWASP top ten while we have fun with the WebGoat application. Then analyze how each applies to the startup product my team is working on and add some more depth.
And that brings us to the question(s) of the day. What is OWASP and the WebGoat project?
WebGoat is an OWASP project, and OWASP is a not-for-profit charitable organization. OWASP stands for Open Web Application Security Project. The online community is concerned with web application security and provides all kinds of resources to educate developers and non-developers on the topic. One of the ways they've gone about that is by creating a project called WebGoat. WebGoat is a web application that is rather insecure, and that is on purpose. With the web application comes a nice collection of lessons that guide the developer/user through hacking the application at different layers. Here are some examples, using the classic SQL injection. It's quite basic, and although it's considered a noob error it is still a common problem according to OWASP. Here is a crappy query showing it in action using the WebGoat.Net app. Base64'ing a password is something I really hope nobody is doing… The WebGoat.Net project isn't maintained anymore AFAIK and there were a few problems, so I'm putting together a similar web application to share on GitHub later.
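As an added example (not from the post or the WebGoat.Net project), here is a small Python sketch of the two problems mentioned above: a login query built by string concatenation beside its parameterised fix, and why a Base64-encoded password column offers no protection compared with a salted, slow hash. The table, the account and the inputs are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

def build_db():
    """Constructed sample data mirroring the WebGoat.Net lesson: one account
    whose stored 'password' is merely Base64-encoded."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", base64.b64encode(b"s3cret").decode()))
    return conn

def login_vulnerable(conn, username, password):
    """Query built by string concatenation: user input is parsed as SQL."""
    encoded = base64.b64encode(password.encode()).decode()
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + encoded + "'")
    return conn.execute(sql).fetchone() is not None

def login_safe(conn, username, password):
    """Parameterised query: the driver binds input as data, never as SQL."""
    encoded = base64.b64encode(password.encode()).decode()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, encoded)).fetchone()
    return row is not None

def recover_stored_password(conn, username):
    """Base64 is an encoding, not encryption: whoever can read the table
    gets the plaintext back with a single decode call."""
    (stored,) = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)).fetchone()
    return base64.b64decode(stored).decode()

def hash_password(password, salt=None):
    """What the column should hold instead: salt + slow PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), 200_000)
    return hmac.compare_digest(digest.hex(), digest_hex)
```

Feeding the textbook tautology `alice' OR '1'='1` as the username makes `login_vulnerable` return True with a wrong password, while `login_safe` treats the same string as a literal username and returns False.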