Difference between revisions of "OWASP Hacking Lab"

Revision as of 11:22, 14 January 2014

What OWASP challenges are available?

OWASP TopTen Hands-On Training

  Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=245&uk=

OWASP Hackademic Hands-On Training

  Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=302&uk=

OWASP WebGoat Hands-On Training

  Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=557&uk=


How can you start solving the OWASP hands-on challenges?

  • Register for a free OWASP Hands-On Training (see tab "Available Challenges")
  • Sign up for a Hacking-Lab account
  • Prepare your client infrastructure (the LiveCD from http://media.hacking-lab.com/ is recommended)
  • Set up the VPN from within your LiveCD
  • Read the challenge description (available once you have registered in the first step)
  • Submit your solution into the HL portal
  • OWASP volunteers will grade your submission

  • Solve the challenges as a participant/student first (see tab "Available Challenges")
  • Make yourself familiar with the OWASP TOP 10, Hackademic and WebGoat challenges
  • Ask ivan.buetler@owasp.org about becoming a teacher


Communication

  • Always be polite
    • Never ever be impolite, no matter what comment or question you receive!
    • You are OWASP's interface; behave maturely and politely.
  • Comment in positive phrasing
    • E.g. if a partial score has been achieved, congratulate them
    • If the solution contains a good write-up, let them know you appreciate it!
    • If they thank you for the event, return the favor, e.g. thank them for contributing
  • Teaching and mentoring
    • If a previous suggestion is not understood, try to rephrase it
  • No abusive language is permitted
    • If you receive any in a solution, don't 'hit back'
    • Find out what is causing the frustration, see if you can help, and let Ivan or Martin know

Rating:

  • Understanding the vulnerability is essential
    • If a solution describes the vulnerability, this scores points.
  • Mitigation scores higher than hacking:
    • We are training security awareness! If mitigation is asked for as part of the solution, it scores higher than exploitation
  • Exploiting is essential
    • The exploit has to be proven, but a solution that describes the exploit in detail is fine too!
  • Give points when possible
    • If the complete answer has not been supplied, give partial points when possible.
    • Only reject if:
      • there is no solution (e.g. the student only asked a question)
      • the solution answers the wrong challenge
      • the vulnerability / exploit / mitigation has clearly not been understood
  • Rating example:
    • If you have 10 points to give, this is how to divide them:
      • 3 points for the vulnerability description
      • 3 points for the proven exploit
      • 4 points for the complete mitigation description

PROJECT INFO

What is this project?
  • Name: OWASP Hacking Lab (home page)
  • Purpose: This project is about hands-on security challenges (joint venture project with Hacking-Lab)
  • License: Creative Commons Attribution ShareAlike 3.0 License

Who is working on this project?
  • Project Leader(s):
    • Ivan Buetler @
    • Mateo Martinez @

How can you learn more?
  • Project Pamphlet: Not Yet Created
  • Project Presentation:
  • Mailing list: Mailing List Archives
  • Project Roadmap: View

Key Contacts
  • Contact Ivan Buetler @ to contribute to this project
  • Contact Ivan Buetler @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.

RELEASE(S) INFO

Current release: Not Yet Published
Last reviewed release: Not Yet Reviewed
Other releases: