The making of .... GameOver --Presented by Jovin Lobo

Upload: nu-the-open-security-community

Post on 08-May-2015


null Mumbai Chapter - August 2012 Meet


Page 1: Making of GameOver

The making of .... GameOver

--Presented by Jovin Lobo


Agenda

● What is GameOver ??

● Idea behind its creation.

● Voyage Linux / Backbone of GameOver.

● Contents / Those incredible web apps.

● Walkthrough.

● Response.

● RoadMap.

● How you could contribute ......


What's GameOver ???

● A webserver hosting deliberately vulnerable web apps.

● A place to begin learning Web Security.

● A place for “rookie-hackers” to improve their skills.


● Objective: “Building a platform for training and educating newbies about the basics of web security and educating them about some of the common web attacks.”


The path....

● A minimalistic Linux distro was needed.

● Why Voyage Linux ???

● Finding the right web applications.

● Compilation and conversion into the .iso images.

● Announcements via mailing lists.



Why Voyage ??

● Minimalistic ( Typical installation requires 128MB disk space).

● Open Source.

● Stable , well maintained by the community.

● Debian based.

● More info : http://linux.voyage.hk/


Web Apps included ...

● Section 1:

– DVWA

– WebGoat

– Mutillidae

– Ghost

– ZAP-Wave

● Section 2:

– Hackademic Challenges

– Vicnum

– Wackopicko

– Insecure web App

– BodgeIt

– PuzzleMall

– WAVSEP


Walk Through

● Base OS – Voyage 0.8

– Open Source

– Minimalistic

– Debian Based

– Well maintained by community

● VM environment - VMware Virtual Player 4.0

● Updated Voyage

● Installation of LAMP Server

– Apache2

– MySQL

– PHP5


● Applications running on Apache Web Server: DVWA, Ghost, Mutillidae, Hackademic, Vicnum and Wackopicko.

● Applications running on Apache Tomcat: WebGoat, BodgeIt, PuzzleMall, ZAP-Wave, Insecure Web App, and WAVSEP.

● Used WebGoat's Tomcat Server (/var/www/WebGoat-5.2/tomcat/webapps)

● Conversion of VM into the .iso image: Used the tool Remastersys


Release

● GameOver was launched as an official Null Community Project. (14/06/2012)

● GPLv3 Licensed.

● Notifying the concerned authors and developers of the various Web Applications.


Response after release...

As of 21st August 2012...


Road Map

● Resolving the installation issue (obviously).

● Inclusion of more Vulnerable Web Apps.

● Inclusion of System Level CTF's.

● Improved UI.

● Acting on the various inputs/bugs reported.


How can you Contribute ??

● Report Bugs.

● Suggest new Web Apps / ideas.

● Develop Web apps for learning security.


GameOver .... and Prosper