Difference between revisions of "OWASP Hacking Lab"

From OWASP
Jump to: navigation, search
m
(update broken links)
 
(97 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
=Main=
  
About OWASP / Hacking-Lab:
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
  
<!-- First tab, what is OWASP/Hacking-Lab -->
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
= OWASP/Hacking-Lab challenges  =
+
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
=== Current Challenges: ===
 
<!-- available challenges -->
 
*OWASP TopTen
 
*:Hacking-Lab donated challenges covering the OWASP TopTen
 
*OWASP Hackademic
 
*;OWASP Hackademic donated challenges
 
=== new Challenges about to be released: ===
 
<!-- Current challenge information on the wiki -->
 
==== WebGoat ====
 
  
 +
==OWASP Hacking Lab==
  
 +
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.
  
<!-- Second tab, how to become a participant -->
+
===About Hacking-Lab===
= How to become a participant  =
+
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.
<!--
 
HOWTO become a participant / student (get to solve challenges)
 
-> registration Link
 
-->
 
  
<!-- Third tab, how to becom teacher -->
+
Learn more about [https://www.hacking-lab.com Hacking-Lab]
= How to become a teacher  =
 
<!--
 
HOTWO become an OWASP/Hacking-Labs teachers
 
-> teacher guideline
 
-> Teacher information
 
  @martin -> email to teachers about teacher information on this wiki
 
          -> volunteering as project contributors
 
  
-> NDA (plus explanation why)
+
==Introduction==
-->
 
  
= Project About  =
+
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.
{{:Projects/OWASP_Hacking_Lab}}
 
  
[[Category:OWASP Project]]
+
==Available challenges==
  
<!-- Don't remove this tags below -->
+
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=245 OWASP TopTen Hands-On Training]
__NOTOC__  
+
 
<headertabs/>
+
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=302 OWASP Hackademic Hands-On Training]
 +
 
 +
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=557 OWASP WebGoat Hands-On Training]
 +
 
 +
==Licensing==
 +
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 +
 
 +
| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |
 +
 
 +
== What is Hacking Lab ==
 +
 
 +
OWASP Hacking Lab provides:
 +
 
 +
* [https://www.hacking-lab.com/events/eventregister.html?event=245  OWASP Top 10]
 +
* [https://www.hacking-lab.com/events/eventregister.html?event=302  OWASP WebGoat]
 +
* [https://www.hacking-lab.com/events/eventregister.html?event=557  OWASP Hackademic]
 +
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]
 +
* [http://www.hacking-lab-ctf.com/ CTF System]
 +
 
 +
== Presentation ==
 +
 
 +
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]
 +
 
 +
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]
 +
 
 +
== Project Leaders ==
 +
 
 +
[mailto:ivan.buetler@owasp.org Ivan Buetler]
 +
 
 +
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]
 +
 
 +
== Related Projects ==
 +
 
 +
* [[OWASP_CISO_Survey]]
 +
 
 +
 
 +
== Ohloh ==
 +
 
 +
* [https://www.ohloh.net/p/Hacking_Lab Ohloh: Hacking-Lab]
 +
 
 +
| style="padding-left:25px;width:200px;" valign="top" |
 +
 
 +
== Quick Download ==
 +
 
 +
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]
 +
 
 +
== News and Events ==
 +
 
 +
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]
 +
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]
 +
 
 +
== In Print ==
 +
This project can be purchased as a print on demand book from Lulu.com
 +
 
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
 +
  |}
 +
 
 +
|}
 +
 
 +
=FAQs=
 +
 
 +
==Solution Grading & Evaluation Guidelines for Teachers==
 +
*Always be polite
 +
**Never ever be unpolite. No matter what comment or question you receive!
 +
**You are OWASP's interface, behave mature and polite.
 +
*Comment in positive phrasing
 +
**E.g. if partially scored has been achieved, congratulate them
 +
**If the solution contains a good write-up, let them know you appreciate!
 +
**If they thank you for the event, return the favor e.g. thanks for contributing
 +
*Teaching and mentoring
 +
**If a previous suggestion is not understand, try to rephrase
 +
*No abusive language is permitted
 +
**If you receive any in a solution, don't 'hit back'
 +
**See what is causing the frustration, see if you can help is, let Ivan or Martin know
 +
 
 +
==Rating:==
 +
*Understanding the vulnerability is essential
 +
**If a solution describes the vulnerability, this does scores points.
 +
 
 +
*Mitigation scores higher than hacking:
 +
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation
 +
*Exploiting is essential
 +
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!
 +
*Give points when possible
 +
**If not the complete answer has been supplied, give partial points when possible.
 +
**Only reject if:
 +
***there is no solution (e.g. a question asked by the student)
 +
***the solution is answering the wrong challenge
 +
***the vulnerability / exploit / mitigation has clearly not been understood
 +
 
 +
*Rating example:
 +
**If you have 10 points to give this is how to divide them:
 +
***'''3 Points for vulnerability description'''
 +
***'''3 Points for proven exploit'''
 +
***'''4 Points for complete mitigation description'''
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
* Ivan Buetler
 +
* Martin Knobloch
 +
* Mateo Martinez
 +
 
 +
==Volunteer Roles==
 +
* Challenge developer
 +
* Challenge tester
 +
* LiveCD developer
 +
* Teachers (solution grading)
 +
* University Challenge Organizer
 +
 
 +
= Road Map and Getting Involved =
 +
 
 +
 
 +
Involvement in the development and promotion of Hack Lab is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
 +
==Become an OWASP challenge participant/student==
 +
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")
 +
*Sign-Up a Hacking-Lab account
 +
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)
 +
*Setup VPN from within your LiveCD
 +
*Read the challenge description (once registered in the first step)
 +
*Submit your solution into the HL portal
 +
*OWASP volunteers will grade your submission
 +
 
 +
==Become an OWASP teacher==
 +
*Solve the challenges as participant/student first
 +
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges
 +
*Ask for becoming a teacher to the project leaders
 +
 
 +
==Become an OWASP challenge developer==
 +
*Solve the challenges as participant/student first
 +
*Submit your challenge ideas (using the challenge concept template)
 +
*Create your challenge
 +
 
 +
==Become an OWASP challenge tester==
 +
*Solve the challenges as participant/student first
 +
*Submit your feedback and ideas how to improve the challenges
 +
 
 +
=University Challenge=
 +
== Introduction ==
 +
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges.
 +
 
 +
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]
 +
 
 +
 
 +
===Attack-Defense System===
 +
[[File:Attack-Defense.png|left|Hacking-Lab]]
 +
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]
 +
 
 +
 
 +
===Previous events:===
 +
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]
 +
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]
 +
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]
 +
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]
 +
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]
 +
*AppSec-US 2012 Austin
 +
*AppSec-US 2011 Minneapolis
 +
 
 +
===Questions===
 +
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]
 +
 
 +
 
 +
 
 +
=European Challenge=
 +
== European Cyber Security Challenge 2016 ==
 +
 
 +
=== Introduction ===
 +
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.
 +
 +
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.
 +
 
 +
 
 +
 
 +
=== How to join the ECSC 2016 ===
 +
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]
 +
 
 +
=Project About=
 +
{{:Projects/OWASP_Hacking_Lab}} 
 +
 
 +
__NOTOC__ <headertabs></headertabs>  
 +
 
 +
[[Category:OWASP Project]] 
 +
[[Category:OWASP_Builders]]
 +
[[Category:OWASP_Defenders]] 
 +
[[Category:OWASP_Document]]

Latest revision as of 06:12, 17 October 2017

OWASP Project Header.jpg

OWASP Hacking Lab

OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.

About Hacking-Lab

Hacking-Lab
Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.

Learn more about Hacking-Lab

Introduction

Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.

Available challenges

Licensing

OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is Hacking Lab

OWASP Hacking Lab provides:

Presentation

Download PDF HL CTF 2016.pdf

Download Power Point HL CTF 2016.pptx

Project Leaders

Ivan Buetler

Mateo Martinez

Related Projects


Ohloh

Quick Download

Download ZIP Challenge Concept Template

News and Events

In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

Solution Grading & Evaluation Guidelines for Teachers

  • Always be polite
    • Never ever be unpolite. No matter what comment or question you receive!
    • You are OWASP's interface, behave mature and polite.
  • Comment in positive phrasing
    • E.g. if partially scored has been achieved, congratulate them
    • If the solution contains a good write-up, let them know you appreciate!
    • If they thank you for the event, return the favor e.g. thanks for contributing
  • Teaching and mentoring
    • If a previous suggestion is not understand, try to rephrase
  • No abusive language is permitted
    • If you receive any in a solution, don't 'hit back'
    • See what is causing the frustration, see if you can help is, let Ivan or Martin know

Rating:

  • Understanding the vulnerability is essential
    • If a solution describes the vulnerability, this does scores points.
  • Mitigation scores higher than hacking:
    • We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation
  • Exploiting is essential
    • The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!
  • Give points when possible
    • If not the complete answer has been supplied, give partial points when possible.
    • Only reject if:
      • there is no solution (e.g. a question asked by the student)
      • the solution is answering the wrong challenge
      • the vulnerability / exploit / mitigation has clearly not been understood
  • Rating example:
    • If you have 10 points to give this is how to divide them:
      • 3 Points for vulnerability description
      • 3 Points for proven exploit
      • 4 Points for complete mitigation description

Volunteers

OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • Ivan Buetler
  • Martin Knobloch
  • Mateo Martinez

Volunteer Roles

  • Challenge developer
  • Challenge tester
  • LiveCD developer
  • Teachers (solution grading)
  • University Challenge Organizer

Involvement in the development and promotion of Hack Lab is actively encouraged! You do not have to be a security expert in order to contribute.

Become an OWASP challenge participant/student

  • Register to a free OWASP Hands-On Training (see tab "Available Challenges")
  • Sign-Up a Hacking-Lab account
  • Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)
  • Setup VPN from within your LiveCD
  • Read the challenge description (once registered in the first step)
  • Submit your solution into the HL portal
  • OWASP volunteers will grade your submission

Become an OWASP teacher

  • Solve the challenges as participant/student first
  • Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges
  • Ask for becoming a teacher to the project leaders

Become an OWASP challenge developer

  • Solve the challenges as participant/student first
  • Submit your challenge ideas (using the challenge concept template)
  • Create your challenge

Become an OWASP challenge tester

  • Solve the challenges as participant/student first
  • Submit your feedback and ideas how to improve the challenges

Introduction

The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges.

This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: OWASP University Challenge


Attack-Defense System

Hacking-Lab

The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: CTF System


Previous events:

Questions

Please review University Challenge FAQ


European Cyber Security Challenge 2016

Introduction

European Cyber Security Challenge
Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.

The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.


How to join the ECSC 2016

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Hacking Lab (home page)
Purpose: This project is about hands-on security challenges (joint venture project with Hacking-Lab)
License: Creative Commons Attribution ShareAlike 3.0 License
who is working on this project?
Project Leader(s):
  • Ivan Buetler @
  • Mateo Martinez @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Ivan Buetler @ to contribute to this project
  • Contact Ivan Buetler @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases