After an interesting Mozilla Hackathon session on app and web development, the CMRIT Firefox club has once again come forward, this time with an even more interesting two-day session on securing the web using OWASP ZAP.
About OWASP ZAP:
ZAP stands for Zed Attack Proxy and is an open-source web application security scanner. It is intended to be used both by those new to application security and by professional penetration testers.
Some of the built-in features include: intercepting proxy server, traditional and AJAX web crawlers, automated scanner, passive scanner, forced browsing, fuzzer, WebSocket support, scripting languages, and Plug-n-Hack support. It has a plugin-based architecture and an online ‘marketplace’ which allows new or updated features to be added.
The enthralling two-day session began at CMRIT with the Mozilla representatives and FSAs Sudarshan, Sanjay, Kalyan, Giridhar, Akshay Tiwari and Sumanth. The session began with Akshay Tiwari giving a brief intro about why Mozilla, the importance of web privacy, and browsing the web without being tracked. He mentioned the importance of net neutrality and surfing the web safely. The speech was followed by Sumanth Damarla, also a Mozillian, giving an introduction to Zed Attack Proxy and its features. Sumanth gave a PowerPoint presentation which highlighted the agenda of OWASP ZAP and introduced the students to its features, such as the fuzzer, scanner and web crawlers. As ‘all work and no play makes Jack a dull boy’, the organizers went ahead with an ice-breaking activity in which numerous questions from different fields were asked, making the session a bit more interesting and enjoyable. The Mozillians and participants then decided to head for the lunch break.
After the lunch break, the session resumed with Sumanth Damarla continuing the introduction to ZAP tools and features like forced browsing and Plug-n-Hack. After the explanation, the participants were shown how to install Zed Attack Proxy on their systems to carry out the tasks given. After making sure that the installation was successful and every student had the software, the Mozillians went on to explain a few basics of the tool and a few how-tos. After this, it was called a day. The students looked forward to the second day's session to put their knowledge into practice.
The second day began with Bharat Chauhan and Shashank, of the Firefox team, recapping everything that was explained in the first day's session, including OWASP ZAP and XAMPP, which is an easy-to-install Apache distribution containing MySQL, PHP and Perl. It is a simple, lightweight Apache distribution that makes it extremely easy for developers to create a local web server for testing purposes. The students were made to install the XAMPP control panel for Tomcat. Tomcat is an application server from the Apache Software Foundation that executes Java servlets and renders web pages that include JavaServer Pages code. BodgeIt is a vulnerable web application. It contains a wide variety of vulnerabilities and is not intended to be hosted in a production environment. After the installation of all the required software was complete, OWASP ZAP was used to find the vulnerabilities in the BodgeIt web application. These vulnerabilities were avoided using the software. The AJAX spider was also introduced to the students; it can discover the pages and dynamically built links of a targeted web application, and its results can later be used by ZAP to find the application's vulnerabilities.
Later the Mozillians gave a demonstration of finding the vulnerabilities of the official CMRIT college website and how they could be fixed. They were successful in finding a number of vulnerabilities in the website using OWASP ZAP and fixed a few. By the end of the two-day session, the participants were very much enlightened about the whole concept of securing the web with ZAP and finding the vulnerabilities of any web application. The session ended on a happy note, and really cool swag was distributed to the participants who were successful in avoiding the maximum number of vulnerabilities. Swag was then distributed among all the participants, followed by a photo session with all the participants by the photographer Stephen.
A huge thanks for contributing to the event and making it a success. The CMRIT Firefox club is planning regular meetups starting next week. Hope to see you all there!
Did you like the event? Do let us know. For any feedback or queries, do ping us.
CMR Institute of Technology has come forward to ardently contribute to the open web with a Hackathon on app and web development. It was also meant to create awareness about open source among the students and to give a brief introduction to Firefox and its agenda.
The event began with the auspicious lighting of the diya by Dr. M. Janga Reddy sir, Honorable Principal, CMRIT, and Dr. S. Arvind Joshi sir, Head of the Department, CSE. Dr. M. Janga Reddy sir enlightened students with a brief history of Mozilla Firefox and encouraged students to contribute towards the open web. Dr. S. Arvind Joshi sir also encouraged students to actively participate in the open web by contributing ideas from young minds. He also emphasized the importance of the open web.
The session thereby began with enthusiastic students looking forward to learning and implementing new things and Mozilla Representatives showing passion towards helping the students. The session began with Harsha Bandaru, an open source contributor and a representative at Mozilla Firefox, introducing us to the agenda of the club and the importance of contributors to the open web. The speech was followed by Sai Charan Reddy and Achyuth TVS, also Mozilla Representatives and Contributors, introducing the students to tools for beginners. The tools included “Webmaker”. Webmaker helps people acquire the basic skills a person requires to go from browsing the web to making the web. The tool encourages beginners to come up with their own definition of the web and help build it. The next tool was “Thimble”. Thimble is a web-based code editor. It is designed to give beginners in webmaking an easy tool to build and share webpages. It gives a perfect platform for not-so-codefreak people to build webpages. The next tool is “Popcorn Maker”. As the name suggests, who doesn’t love a bowl of popcorn with a nice movie? Sadly, Popcorn Maker doesn’t make popcorn for you, but it does help you create your own favourite videos. Popcorn Maker helps you to easily remix web videos, audio and images into mashups that you can embed on other
The next tool was “X-ray Goggles”. As interesting as its name, it is a tool to inspect the code behind every webpage. You can see the building blocks that make up websites and then remix them into new creations. After the helpful demonstration of the tools, it was time for the lunch break. The representatives decided to continue the session after the lunch break.
resumed after a brief lunch break. The web development team and the app development team were enthusiastic to learn new things. The representatives assessed the ideas of each group from both web and app development. The representatives split into two teams to help each person understand and implement what they wanted to. The web developers were given tasks to create web pages of their own choice after being taught. The app developers showed much interest in creating a gaming app, and therefore Harsha Bandaru introduced them to “Constructor 2”. Constructor 2 is a powerful HTML5 game creator specifically used to create 2D games. No coding is required to create games with it. The students were successfully taught to make a game similar to flappy birds. After everybody had created the game, the representatives announced the competitions for the respective development teams. The teams were given time to create webpages and apps on the basis of the skills taught. The students from each team worked really hard. Towards the end of the day and the session, the representatives assessed each team’s work. Although it was hard to come to a conclusion due to the amazing work by the students, T. Kailash, Pradeep Kumar Patri, Shiva and Akhil of third year CSE were pronounced winners for their beautiful and creative design of a webpage.
The day ended with impressed representatives looking forward to working with the students, and students energetically looking forward to grasping new things and being more aware than before of Mozilla Firefox and its open source contribution.
Firefox Student Ambassadors are individuals who are passionate about Mozilla and raise awareness about the many benefits of Firefox and other Mozilla products - especially Firefox OS!
Creative and resourceful, Student Ambassadors lead campaigns and projects at their colleges and in their communities to encourage others to contribute to Mozilla (and utilize our products). Together, Firefox Student Ambassadors play a large role in helping to improve the global experience of people on the Web.
As part of the overall Mozilla Reps program (ReMo), Student Ambassadors are given the opportunity to learn new skills, earn recognition, and advance their leadership in the Mozilla community.
Do you want to be the first to know about Firefox OS on your campus? Want to have fun with people like you and help to make history? Want to attend world class events? You can become part of a global community committed to protecting the open Web.