Summary: <b>The OWASP WebSpa Project</b> The OWASP WebSpa project is a tool implementing the novel idea of web knocking. The term web knocking stems from port knocking, If port knocking is defined as "a form of host-to-host communication in which information flows across closed ports" then we define web knocking as a form of host-to-host communication in which information flows across erroneous URLs. In this podcast we present this web knocking tool for sending a single HTTP/S request to your web server, in order to authorise the execution of a preselected Operating System (O/S) command on it. <b>About Yiannis Pavlosoglou</b> There is a world of numbers, hiding behind letters, inside computers, this is what stimulates my work. I am currently employed in IT risk management within the financial industry, running a team of technical risk assessors. Prior to this, I spent 5 years in the world of professional penetration testing. I focused my career evolution on assisting large scale projects actually implement secure development practices. This included teaching developers how to write secure code. For OWASP, I was the project leader for JBroFuzz and used to chair the Global Industry Committee. I am on the Application Security Advisory Board of the (ISC)2. My academic qualifications include a PhD in information security, designing routing protocols for ad-hoc networks. I am a certified scrum master and hold the CISSP certification.
