The OWASP WebSpa Project with Yiannis Pavlosoglou and Jim Manico

03/03/2014 32 min

Episode Synopsis

The OWASP WebSpa Project
The OWASP WebSpa project is a tool implementing the novel idea of web
knocking. The term web knocking stems from port knocking. If port
knocking is defined as "a form of host-to-host communication in which
information flows across closed ports", then we define web knocking as
a form of host-to-host communication in which information flows across
erroneous URLs.

In this podcast we present this web knocking tool for
sending a single HTTP/S request to your web server, in order to
authorise the execution of a preselected Operating System (O/S)
command on it.
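
A sketch of the server side of web knocking as described above, added here as an illustration and not taken from the WebSpa code base. It assumes a knock is an HMAC over an action id and a time window, requested as a non-existent path, and that the server reads Common Log Format access-log lines; the secret, action labels, token scheme and sample log lines are all constructed.

```python
import base64, hashlib, hmac, re

# Constructed values for illustration; this is not WebSpa's wire format.
SECRET = b"constructed-shared-secret"
# Preselected actions live on the server; the request never carries a command.
ACTIONS = {"1": "open-ssh-for-admin", "2": "close-ssh"}
WINDOW = 60  # seconds a knock stays valid

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) /(\S*) HTTP/[\d.]+" (\d{3}) ')

def knock_for(action_id: str, epoch: int) -> str:
    """URL-safe token a client would request as a non-existent path."""
    msg = f"{action_id}:{epoch // WINDOW}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def match_knock(path: str, now: int):
    """Return the action id whose knock equals `path` in this or the previous window."""
    for action_id in ACTIONS:
        for t in (now, now - WINDOW):
            # Constant-time comparison on bytes, so odd paths cannot raise.
            if hmac.compare_digest(knock_for(action_id, t).encode(), path.encode()):
                return action_id
    return None

def process(lines, now: int, seen: set):
    """Return (client_ip, action_label) for each fresh, valid knock in the log."""
    out = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "404":   # a knock is a request that errors out
            continue
        ip, path = m.group(1), m.group(2)
        action_id = match_knock(path, now)
        if action_id and path not in seen:  # a used knock cannot be replayed
            seen.add(path)
            out.append((ip, ACTIONS[action_id]))
    return out

def demo():
    now = 1_700_000_000  # constructed timestamp matching the sample lines
    fmt = '203.0.113.7 - - [14/Nov/2023:22:13:20 +0000] "GET /{} HTTP/1.1" 404 196'
    knock = knock_for("1", now)
    # Ordinary 404, a valid knock, then the same knock replayed.
    lines = [fmt.format("favicon.ico"), fmt.format(knock), fmt.format(knock)]
    return process(lines, now, set())
```

To every other client the knock is indistinguishable from an ordinary 404, and only the label chosen from the server-side table is ever acted on.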

About Yiannis Pavlosoglou
There is a world of numbers, hiding behind letters, inside computers;
this is what stimulates my work. I am currently employed in IT risk
management within the financial industry, running a team of technical
risk assessors.

Prior to this, I spent 5 years in the world of
professional penetration testing. I focused my career evolution on
assisting large-scale projects to actually implement secure development
practices. This included teaching developers how to write secure code.
For OWASP, I was the project leader for JBroFuzz and used to chair the
Global Industry Committee. I am on the Application Security Advisory
Board of the (ISC)2.

My academic qualifications include a PhD in
information security, designing routing protocols for ad-hoc networks.
I am a certified scrum master and hold the CISSP certification.