The OWASP WebSpa Project
The OWASP WebSpa project is a tool implementing the novel idea of web
knocking. The term web knocking stems from port knocking. If port
knocking is defined as "a form of host-to-host communication in which
information flows across closed ports", then we define web knocking as
a form of host-to-host communication in which information flows across
erroneous URLs.
In this podcast we present this web knocking tool for
sending a single HTTP/S request to your web server, in order to
authorise the execution of a preselected Operating System (O/S)
command on it.
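To make the idea concrete, here is an added sketch (not WebSpa's own code or
scheme) of a server-side check that reads access-log lines and decides whether
a failed request is a valid knock. The path layout, the HMAC over a 30-second
time step, the 404 requirement and the action table are all assumptions.

```python
import hashlib
import hmac
import re

# Assumptions (not taken from WebSpa): knock path layout, HMAC-SHA256 over a
# 30-second time step, and the action table below.
STEP = 30
ACTIONS = {"1": "open-ssh", "2": "close-ssh"}  # labels for preselected commands
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def knock_path(key: bytes, action_id: str, now: int) -> str:
    """Path a client would request for action_id in the time step of `now`."""
    msg = f"{action_id}:{now // STEP}".encode()
    return f"/{action_id}-{hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]}"

def match_knock(line: str, key: bytes, now: int, seen: set):
    """Return the action label authorised by this access-log line, or None."""
    m = LOG_RE.match(line)
    if not m or m.group(3) != "404":   # a knock is a request for an erroneous URL
        return None
    path = m.group(2)
    action_id = path[1:].split("-", 1)[0]
    if action_id not in ACTIONS:       # only preselected actions can be named
        return None
    # Accept the current and the previous step to tolerate clock skew.
    for t in (now, now - STEP):
        expected = knock_path(key, action_id, t)
        if hmac.compare_digest(path.encode(), expected.encode()):
            if path in seen:           # replay of an already-used knock
                return None
            seen.add(path)
            return ACTIONS[action_id]
    return None

def log_line(path: str, status: int = 404) -> str:
    """Build a constructed access-log line (sample input, not real traffic)."""
    return (f'203.0.113.5 - - [14/Nov/2023:22:13:20 +0000] '
            f'"GET {path} HTTP/1.1" {status} 153')

if __name__ == "__main__":
    key, now, seen = b"constructed-demo-key", 1_700_000_000, set()
    print(match_knock(log_line(knock_path(key, "1", now)), key, now, seen))
```

The function returns a label rather than running anything, so the mapping from
label to O/S command stays in a fixed table that the request cannot influence.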
About Yiannis Pavlosoglou
There is a world of numbers, hiding behind letters, inside computers,
this is what stimulates my work. I am currently employed in IT risk
management within the financial industry, running a team of technical
risk assessors.
Prior to this, I spent 5 years in the world of
professional penetration testing. I focused my career evolution on
assisting large-scale projects actually implement secure development
practices. This included teaching developers how to write secure code.
For OWASP, I was the project leader for JBroFuzz and used to chair the
Global Industry Committee. I am on the Application Security Advisory
Board of the (ISC)2.
My academic qualifications include a PhD in
information security, designing routing protocols for ad-hoc networks.
I am a certified scrum master and hold the CISSP certification.