Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch » The Technological

Larry Casey & OWASP

Commercially approved denial of service attacks at your service.


Get It

Try It

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible so that people and organisations can make informed decisions about true application security risks.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not for profit charitable organisation that ensures the ongoing availability and support for our work with your support.

OWASP Foundation has over 130 Local Chapters, all meetings are FREE simply sign up on the appropriate mailing list and introduce yourself. [sic]

The OWASP Application Security Search Engine indexes the best commercial and non-commercial websites on the Internet related to application security. All sites are selected and categorized by OWASP. To suggest a site, please send it to (owasp@owasp.org) You can use the links below to refine your search. [sic]

For example, if you are only interested in searching the OWASP website, choose the OWASP-only link. All ad revenue goes to support the OWASP Foundation, a 501c3 not-for-profit dedicated to finding and fighting the causes of insecure software.


Sound great? Does the charter of the organisation include instigating randomly selected colossally stupid denial of service attacks against popular websites? One thing's for sure: they'll never be 'for profit' if organisations they attack take them to court and sue for damages and/or file charges with local authorities.

Larry Casey, whoever he is, is up for full admittance into the Hall of Monkeys.

Category:OWASP DirBuster Project

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. [sic]

However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;) [sic]


You said it, jackass.

3rd March 2009 - Version 1.0-RC1

After some major code changes I have opted for a release candidate before 1.0, to weed out any bugs. Features introduced in this release are:

  • Auto pause, when 20 consecutive 20 errors happen
  • Spelling mistakes corrected
  • Multi threaded all the work generation, so multiple dir and file exts are scanned at the same time (this makes it much faster!)
  • Reconstructed multiple parts of the code
  • Proxy settings are now persistent
  • The ability to change the look and feel has now been added
  • Added Jbrofuzz dir list (Thank you Yiannis)
  • Removed the two large dir lists
  • Added new reporting formats (simple lists, xml, csv)

This version can be downloaded from here.

Tip for website operators: block these clowns immediately in robots.txt. Their agent is 'DirBuster-0.12'. As their requests are all 404s you can count on automatically getting about 150,000 of them - and that's tantamount to denial of service.

22/May/2009:01:41:56 - 22/May/2009:02:10:18

Note: the log file, at 27 MB, wasted too much bandwidth, and so was removed. And yet it represented but 30 minutes OWASP traffic. All 404s.

Send Larry a Love Letter

Checking server [whois.publicinterestregistry.net]
Results:

Domain ID:D77600453-LROR
Domain Name:OWASP.ORG
Created On:21-Sep-2001 17:00:36 UTC
Last Updated On:15-Feb-2005 15:45:17 UTC
Expiration Date:21-Sep-2013 17:00:36 UTC
Sponsoring Registrar:Register.com Inc. (R71-LROR)
Status:OK
Registrant ID:546CEF135F727823
Registrant Name:Laurence Casey
Registrant Organization:OWASP Foundation
Registrant Street1:9175 Guilford Rd Suite 300
Registrant Street2:
Registrant Street3:
Registrant City:Columbia
Registrant State/Province:MD
Registrant Postal Code:21046
Registrant Country:US
Registrant Phone:+1.3016044882
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:larry.casey@owasp.org
Admin ID:546CEF135F727823
Admin Name:Laurence Casey
Admin Organization:OWASP Foundation
Admin Street1:9175 Guilford Rd Suite 300
Admin Street2:
Admin Street3:
Admin City:Columbia
Admin State/Province:MD
Admin Postal Code:21046
Admin Country:US
Admin Phone:+1.3016044882
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:larry.casey@owasp.org
Tech ID:546CEF135F727823
Tech Name:Laurence Casey
Tech Organization:OWASP Foundation
Tech Street1:9175 Guilford Rd Suite 300
Tech Street2:
Tech Street3:
Tech City:Columbia
Tech State/Province:MD
Tech Postal Code:21046
Tech Country:US
Tech Phone:+1.3016044882
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:larry.casey@owasp.org
Name Server:NS1.SECURE.NET
Name Server:NS2.SECURE.NET
About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.