Boulder OWASP Lab

Sept 25th 2008 - NYC CTF may get packaged up
There is a Capture-The-Flag (CTF) environment at the NYC OWASP Con. It seems likely that it will be packaged up and distributed. Stay tuned...

Link to the Lab Setup Diagrams Andrew found
Diagrams Andrew shared at the 9/18/2008 bOWASP meeting

Desired Lab Components
- WLAN WAP and/or big copper switches - host box with loads o' storage capable of running multiple victim VMs; capable of burning VMs to DVD - Web App Firewall - IPS - CD/DVD copying capability

- 2-factor auth for any management components; possibly for some of the target apps too... - Hamachi or some sort of VPN so we can stay decentralized...? - Somebody's open-source SEM/SIM to gather events so that the only time WAF/IPS/HIDS/HIPS/Whatever needs to be touched is for config changes