Boulder OWASP Lab

Sept 25th 2008 - NYC CTF may get packaged up
There is a Capture-The-Flag (CTF) environment at the NYC OWASP Con. It seems likely that it will be packaged up and distributed. Stay tuned...

Link to the Lab Setup Diagrams Andrew found
Diagrams Andrew shared at the 9/18/2008 bOWASP meeting

Desired Lab Components
- WLAN WAP and/or big copper switches - host box with loads o' storage capable of running multiple victim VMs; capable of burning VMs to DVD - Proposal: I would like to purchase a machine capable of the above "host box" specs and use it at the BOWASP meetings. The only thing would be that this would remain my personal property. Below are the specs that I was thinking of, please adjust if you wish and send me an email with the change. - Antec Nine Hundred Black Steel ATX Mid Tower Computer Case - ASUS M3A78-T AM2+/AM2 AMD 790GX HDMI ATX AMD Motherboard - OCZ GameXStream OCZ700GXSSLI 700W ATX12V SLI Certified CrossFire Ready Active PFC Power Supply - AMD Phenom 9950 BLACK EDITION Agena 2.6GHz Socket AM2+ 140W Quad-Core Processor Model HD995ZFAGHBOX - 2x OCZ Reaper HPC 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 1066 (PC2 8500) Dual Channel Kit Desktop Memory (8GB total) - Western Digital Raptor WD740ADFD 74GB 10000 RPM SATA 1.5Gb/s Hard Drive - 2x Seagate Barracuda 7200.11 ST31000333AS 1TB 7200 RPM SATA 3.0Gb/s Hard Drive - LG 22X DVD±R DVD Burner Black SATA Model GH22NS30 I will most likely run Ubuntu 64 on it and VMWare Server so that we can mess with different VMs. Let me know what you think. Andrew - Web App Firewall - IPS - CD/DVD copying capability

- 2-factor auth for any management components; possibly for some of the target apps too... - Hamachi or some sort of VPN so we can stay decentralized...? - Somebody's open-source SEM/SIM to gather events so that the only time WAF/IPS/HIDS/HIPS/Whatever needs to be touched is for config changes - NYC OWASP Con's CTF environment with all of the above