Culture and Organization -> Education and Guidance: Simple mob hacking
Risk and Opportunity
Risk: Understanding security is hard.
Opportunity: Participate with your whole team in a simple mob hacking session organized by the Security Champion Guild.
In the session the guild presents a vulnerable application and together you look at possible exploits.
Just like in mob programming, there is one driver and several navigators.
Guidelines for your simple mob hacking session
- All exploits happen via the user interface.
- No need for security/hacking tools.
- No need for deep technical or security knowledge.
- Use an insecure training app, e.g., DVWA or OWASP Juice Shop.
- Encourage active participation, e.g., use small groups.
- Allow enough time for everyone to run at least one exploit.
- The team gets an idea of what exploits can look like and how easily applications can be attacked.
- The team understands that functionally correct, working software can still be highly insecure and easy to exploit.
- OWASP Juice Shop, Link, Tags: training
- Damn Vulnerable Web Application, , Tags: training
Usefulness and Requirements of this Activity
Required knowledge: Very High (three or more disciplines)
Required time: Medium
Required resources (systems): Very Low
OWASP SAMM VERSION 2
Credits
This activity is inspired by / copied from
AppSecure-nrw Security Belts