WebApp Sec mailing list archives
awareness improvement demo
From: koro69 () yepmail net
Date: Sat, 05 Mar 2005 13:14:42 +0100
hi list,

I am setting up an awareness improvement demo for an international financial institution. I know the subject is not new, but I would like to do something up-to-date... :-)

I am planning 3 different demos, for different types of users:
- top management;
- IT staff;
- "average" user.

For each type of audience, I am planning different subjects:

- top management:
  - email: nature of an email: clear text, forged emails
  - virus
  - browsing: dangerous mobile codes, privacy (cache, cookies)
  - poor password limits
  - mobility: laptop, PDA, smartphone
  - potentially dangerous technologies: wifi, bluetooth, "blackberry"

- IT staff:
  - web app security (sql injection, cookies manipulation, etc)
  - "state of the art" attacks: stealth trojan...
  - live hacking of a web server
  - wifi detection, and wep cracking
  - google hacks
  - physical security, hardware keyloggers...

- "average" user:
  - email: nature of an email: clear text, forged emails
  - virus
  - browsing: dangerous mobile codes, privacy (cache, cookies)
  - poor password limits
  - social engineering

I imagine I will set up a couple of laptops, or even a couple of virtual machines, but I am wondering if the "demo effect" is the same with virtual versus real machines?

I would be pleased to receive comments on anything in my plan, including:
- the subjects chosen for each type of audience;
- how to implement them easily; concerning the web app security demo, I have planned at first to use the excellent "Hacme Bank" from Foundstone, but I think the licence will prevent me from using it :-( . Any idea of a similar free tool?
- link to external resources on the subject.
- similar experience of people from this list ;-)

Thanks,
Koro.