OWASP University Challenge

Jump to: navigation, search
OWASP Project Header.jpg

OWASP University Challenge

The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …).

  • There is no admission fee for the University Challenge – participation in the conference is possible for free.
  • During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework.
  • The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university.
  • All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list.
  • All team members must be registered. Registration for the University Challenge event is free.
  • Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).


The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days! University / Student teams can compete solving hack challenges and defending insecure applications.

Attack-Defense System

The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: CTF System

What is the OWASP UC?


The AppSec conference should take care of:

  • Venue / rooms during the conference training days
  • Feed the students
  • Local pr / announcements at local Universities


Project Leader

Ivan Buetler

Mateo Martinez

Related Projects

OWASP Student Chapters Program

Quick Download

News and Events

In Print


Owasp-incubator-trans-85.png Owasp-builders-small.png
Project Type Files CODE.jpg

Conference Organisation:

  • Announcement
  • Room / Space for the University Challenge
    • Internet connection
    • Video projector (scoring/ranking)
    • Power and extensions
  • Outreach to the local Universities
  • Sponsor for winner prizes
  • Winner announcement during the main track / (before) end of the conference


During the two training days

  • challenges will be organized together with Hacking-Lab
  • Hardware (challenge server) come from Hacking-Lab
  • Hardware (wilreless routers) come form the Education Committee


  • Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students
  • Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference
  • It is recommended to give the University Challenge teams free entrance to the conference


We could need the conference organization team to help finding sponsors for the prices.

Previous events:

Ticket winning" pre-conference challenges:

-> option for conference to offer free tickets via solving Hacking-Lab challenges -> qualifying for UC? -> Team qualifying

   Q1: When typically has the event run at AppSec, during the training days or during conference proper?
   A1: The UC is normally hosted during the training days
   Q2: What size of room or seating capacity has typically been used?
   A2: Depending to the PR and number of teams (teams have a max of 8 members)
   Q3: What prizes are usually awarded?
   A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning
   Q4: Do the teams  have free conference access?
   A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.
   There are no entrance / attendance fees charged previously
   The attendees usually get free access to the conference (because they travel from foreign countries too) 


The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.

About Hacking-Lab

Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents.

Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.

Learn more about:

  • University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)
What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP University Challenge (home page)
Purpose: As first time organized at the OWASP AppSec-US 2011 in Minneapolis, this project is to enable "attack & defend" challenges.

First, at OWASP AppSec conferences, later also to enable this outside AppSec conferences.

License: Creative Commons Attribution ShareAlike 3.0 License
who is working on this project?
Project Leader(s):
  • Ivan Buetler @
  • Mateo Martinez @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Ivan Buetler @ to contribute to this project
  • Contact Ivan Buetler @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases