Difference between revisions of "OWASP Hacking Lab"

m
(Rating:)
(4 intermediate revisions by one user not shown)
Line 1: Line 1:
  
About OWASP / Hacking-Lab:
 
  
 
<!-- First tab, what is OWASP/Hacking-Lab -->
 
<!-- First tab, what is OWASP/Hacking-Lab -->
= OWASP/Hacking-Lab challenges  =
+
=Available challenges=
=== Current Challenges: ===
+
OWASP/Hacking-Lab  
<!-- available challenges -->
+
 
*OWASP TopTen
 
*OWASP TopTen
 
*:Hacking-Lab donated challenges covering the OWASP TopTen  
 
*:Hacking-Lab donated challenges covering the OWASP TopTen  
 
*OWASP Hackademic
 
*OWASP Hackademic
*;OWASP Hackademic donated challenges
 
=== new Challenges about to be released: ===
 
<!-- Current challenge information on the wiki -->
 
==== WebGoat ====
 
  
 +
<!-- Second tab, how to become a participant -->
 +
=How to become a participant=
 +
To participate:
 +
* registration Link
  
 +
<!-- Third tab, how to become teacher -->
 +
=How to become a teacher=
 +
* NDA (plus explanation why)
  
<!-- Second tab, how to become a participant -->
+
<!-- Fourth tab, teacher Guidelines-->
= How to become a participant  =
+
=Challenge valuation Guidelines=
<!--
+
==Communication==
HOWTO become a participant / student (get to solve challenges)
+
*Always be polite
-> registration Link
+
**Never ever be unpolite. No matter what comment or question you receive!
-->
+
**You are OWASP's interface, behave mature and polite.
 +
*Comment in positive phrasing
 +
**E.g. if partially scored has been achieved, congratulate them
 +
**If the solution contains a good write-up, let them know you appreciate!
 +
**If they thank you for the event, return the favor e.g. thanks for contributing
 +
*Teaching and mentoring
 +
**If a previous suggestion is not understand, try to rephrase
 +
*No abusive language is permitted
 +
**If you receive any in a solution, don't 'hit back'
 +
**See what is causing the frustration, see if you can help is, let Ivan or Martin know
 +
 
 +
==Rating:==
 +
*Understanding the vulnerability is essential
 +
**If a solution describes the vulnerability, this does scores points.
  
<!-- Third tab, how to becom teacher -->
+
*Mitigation scores higher than hacking:
= How to become a teacher  =
+
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation
<!--
+
*Exploiting is essential
HOTWO become an OWASP/Hacking-Labs teachers
+
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!
-> teacher guideline
+
*Give points when possible
-> Teacher information
+
**If not the complete answer has been supplied, give partial points when possible.
  @martin -> email to teachers about teacher information on this wiki
+
**Only reject if:
          -> volunteering as project contributors
+
***there is no solution (e.g. a question asked by the student)
 +
***the solution is answering the wrong challenge
 +
***the vulnerability / exploit / mitigation has clearly not been understood
  
-> NDA (plus explanation why)
+
*Rating example:
-->
+
**If you have 10 points to give this is how to divide them:
 +
**;3 Points for vulnerability description
 +
**;3 Points for proven exploit
 +
**;4 Points for complete mitigation description
  
 
= Project About  =
 
= Project About  =
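
Review bot: In the added ==Rating== list, "Exploiting is essential" says the exploit has to be proven but then accepts a detailed description, while the rating example gives "3 Points for proven exploit". State whether a described but unproven exploit earns those 3 points or only partial credit, so that teachers rate consistently. The new "How to become a participant" and "How to become a teacher" tabs still contain placeholders ("* registration Link", "* NDA (plus explanation why)") with no link target and no explanation. The heading "=Challenge valuation Guidelines=" may be intended as "evaluation". Wording to fix in the added lines: "unpolite", "is not understand", "this does scores points", "higher then exploitation".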

Revision as of 06:41, 26 March 2013



OWASP/Hacking-Lab

  • OWASP TopTen
    Hacking-Lab donated challenges covering the OWASP TopTen
  • OWASP Hackademic

To participate:

  • registration Link

  • NDA (plus explanation why)

Communication

  • Always be polite
    • Never be impolite, no matter what comment or question you receive!
    • You are OWASP's interface; behave maturely and politely.
  • Comment in positive phrasing
    • E.g. if a partial score has been achieved, congratulate them
    • If the solution contains a good write-up, let them know you appreciate it!
    • If they thank you for the event, return the favor, e.g. thank them for contributing
  • Teaching and mentoring
    • If a previous suggestion is not understood, try to rephrase it
  • No abusive language is permitted
    • If you receive any in a solution, don't 'hit back'
    • See what is causing the frustration, see if you can help, and let Ivan or Martin know

Rating:

  • Understanding the vulnerability is essential
    • If a solution describes the vulnerability, this scores points.
  • Mitigation scores higher than hacking:
    • We are training security awareness! If mitigation is asked for as part of the solution, it scores higher than exploitation
  • Exploiting is essential
    • The exploit has to be proven, but a solution that describes the exploit in detail is fine too!
  • Give points when possible
    • If the complete answer has not been supplied, give partial points when possible.
    • Only reject if:
      • there is no solution (e.g. a question asked by the student)
      • the solution is answering the wrong challenge
      • the vulnerability / exploit / mitigation has clearly not been understood
  • Rating example:
    • If you have 10 points to give, this is how to divide them:
      • 3 Points for vulnerability description
      • 3 Points for proven exploit
      • 4 Points for complete mitigation description

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Hacking Lab (home page)
Purpose: This project is about hands-on security challenges (joint venture project with Hacking-Lab)
License: Creative Commons Attribution ShareAlike 3.0 License
who is working on this project?
Project Leader(s):
  • Ivan Buetler @
  • Mateo Martinez @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Ivan Buetler @ to contribute to this project
  • Contact Ivan Buetler @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases