https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Ivan+BuetlerOWASP - User contributions [en]2026-04-26T00:15:45ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=234460OWASP Hacking Lab2017-10-17T12:12:23Z<p>Ivan Buetler: update broken links</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=245 OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=302 OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=557 OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/eventregister.html?event=245 OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/eventregister.html?event=302 OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/eventregister.html?event=557 OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
* [https://www.ohloh.net/p/Hacking_Lab Ohloh: Hacking-Lab]<br />
<br />
| style="padding-left:25px;width:200px;" valign="top" |<br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=234459OWASP Hacking Lab2017-10-17T12:10:54Z<p>Ivan Buetler: update broken links</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=245 OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=302 OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/eventregister.html?event=557 OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
* [https://www.ohloh.net/p/Hacking_Lab Ohloh: Hacking-Lab]<br />
<br />
| style="padding-left:25px;width:200px;" valign="top" |<br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=User:Ivan_Buetler&diff=234458User:Ivan Buetler2017-10-17T12:03:05Z<p>Ivan Buetler: bio update</p>
<hr />
<div>Ivan Buetler is a renowned security expert in the field of cyber security. He started his career by co-founding and developing Compass Security AG, a leading ethical hacking and penetration testing company headquartered in Switzerland near Zurich with its subsidiaries in Berne and Berlin. Several of his publications on network and computer security have raised international recognition. Besides his own business, he is a tutor at several Swiss Universities, where he lectures in the field of '''Hacking''', '''Cyber Crime''' and '''Advanced Persistent Threats'''. Ivan is a regular speaker at international security conferences. He is in the board of the Swiss Cyber Storm association and responsible for the European Cyber Security Challenge. He is the founder of Hacking-Lab, a world-wide recognized ethical hacking testing lab. Additionally, he is leading and volunteering the [[OWASP Hacking Lab|OWASP/Hacking-Lab]] project and an acknowledged security expert at the Swiss Academy of Engineering Sciences (SATW).</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=User:Ivan_Buetler&diff=234457User:Ivan Buetler2017-10-17T12:02:38Z<p>Ivan Buetler: bio update</p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218694OWASP University Challenge2016-07-07T14:27:51Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP UC? ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
== Information ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
<br />
<br />
Learn more about:<br />
* [https://www.hacking-lab.com Hacking-Lab]<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218693OWASP Hacking Lab2016-07-07T14:25:17Z<p>Ivan Buetler: /* Ohloh */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
* [https://www.ohloh.net/p/Hacking_Lab Ohloh: Hacking-Lab]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218692OWASP Hacking Lab2016-07-07T14:25:05Z<p>Ivan Buetler: /* Ohloh */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
* [https://www.ohloh.net/p/Hacking_Lab Ohloh:Hacking-Lab]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218691OWASP Hacking Lab2016-07-07T14:24:47Z<p>Ivan Buetler: /* Ohloh */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
* [https://www.ohloh.net/p/Hacking_Lab Hacking-Lab Ohloh]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218690OWASP Hacking Lab2016-07-07T14:24:23Z<p>Ivan Buetler: /* Ohloh */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
* [https://www.ohloh.net/p/Hacking_Lab Hacking-Lab]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218689OWASP Hacking Lab2016-07-07T14:23:28Z<p>Ivan Buetler: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.europeancybersecuritychallenge.eu/ European Challenge]<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218686OWASP University Challenge2016-07-07T14:00:31Z<p>Ivan Buetler: /* What is the OWASP University Challenge? */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP UC? ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
== Information ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
<br />
<br />
Learn more about:<br />
* [https://www.hacking-lab.com Hacking-Lab]<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218685OWASP University Challenge2016-07-07T14:00:02Z<p>Ivan Buetler: /* What is the OWASP University Challenge? */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
== Information ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
<br />
<br />
Learn more about:<br />
* [https://www.hacking-lab.com Hacking-Lab]<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218684OWASP University Challenge2016-07-07T13:59:32Z<p>Ivan Buetler: /* What is the OWASP University Challenge? */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
<br />
== Information ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
<br />
<br />
Learn more about:<br />
* [https://www.hacking-lab.com Hacking-Lab]<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218683OWASP University Challenge2016-07-07T13:57:17Z<p>Ivan Buetler: /* Acknowledgements */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
<br />
<br />
Learn more about:<br />
* [https://www.hacking-lab.com Hacking-Lab]<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218682OWASP University Challenge2016-07-07T13:56:23Z<p>Ivan Buetler: /* Hacking-Lab */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about:<br />
* [https://www.hacking-lab.com Hacking-Lab]<br />
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218681OWASP Hacking Lab2016-07-07T13:51:17Z<p>Ivan Buetler: /* What is Hacking Lab */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* [https://www.owasp.org/index.php/OWASP_University_Challenge University Challenge]<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218680OWASP Hacking Lab2016-07-07T13:50:00Z<p>Ivan Buetler: /* European Cyber Security Challenge 2016 */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
<br />
<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218679OWASP Hacking Lab2016-07-07T13:49:29Z<p>Ivan Buetler: /* Introduction */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
[[File:Ecsc-logo.png|left|European Cyber Security Challenge]]Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:Ecsc-logo.png&diff=218678File:Ecsc-logo.png2016-07-07T13:48:31Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218677OWASP Hacking Lab2016-07-07T13:46:22Z<p>Ivan Buetler: /* European Challenge */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== European Cyber Security Challenge 2016 ==<br />
<br />
=== Introduction ===<br />
Today, most countries lack sufficient IT security professionals to protect their IT infrastructure. To help mitigate this problem, many of them set up national cyber security competitions for finding young cyber talents and for encouraging them to pursue a career in cyber security.<br />
<br />
The European Cyber Security Challenge (ECSC) leverages these competitions in that it adds a pan-European layer to them: The top cyber talents from each country meet to network and collaborate and finally compete against each other to determine which country has the best cyber talents. To find out which country's team is the best, contestants have to solve security related tasks from domains such as web security, mobile security, crypto puzzles, reverse engineering and forensics and collect points for solving them.<br />
<br />
=== How to join the ECSC 2016 ===<br />
* [http://www.europeancybersecuritychallenge.eu/2016/join/ How to join the ECSC 2016]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218676OWASP Hacking Lab2016-07-07T13:40:08Z<p>Ivan Buetler: /* University Challenge */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
<br />
<br />
=European Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218675OWASP Hacking Lab2016-07-07T13:37:19Z<p>Ivan Buetler: /* Quick Download */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
[[File:zip-icon.png|Download ZIP]] [[Media:Challenge_development_by_OWASP.zip|Challenge Concept Template]]<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:Challenge_development_by_OWASP.zip&diff=218674File:Challenge development by OWASP.zip2016-07-07T13:35:35Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:Zip-icon.png&diff=218673File:Zip-icon.png2016-07-07T13:32:25Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218670OWASP Hacking Lab2016-07-07T13:26:17Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf|HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx|HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218669OWASP Hacking Lab2016-07-07T13:23:39Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218668OWASP Hacking Lab2016-07-07T13:23:18Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf]]<br />
<br />
[[File:ppt-icon.png|Download Power Point|link=HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218667OWASP Hacking Lab2016-07-07T13:12:51Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218666OWASP Hacking Lab2016-07-07T13:12:29Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[Media:HL CTF 2016.pdf]]<br />
<br />
[[File:word-icon.png|Download Power Point]] [[Media:HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218665OWASP Hacking Lab2016-07-07T13:09:17Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218664OWASP Hacking Lab2016-07-07T13:08:45Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
[[File:pdf-icon.png|Download PDF]] [[File:HL CTF 2016.pdf]]<br />
<br />
[[File:word-icon.png|Download Power Point]] [[File:HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218663OWASP Hacking Lab2016-07-07T13:07:25Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218662OWASP Hacking Lab2016-07-07T13:07:05Z<p>Ivan Buetler: /* Presentation */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
*[[File:pdf-icon.png|left|Download PDF]] [[File:HL CTF 2016.pdf]]<br />
<br />
*[[File:word-icon.png|left|Download Power Point]] [[File:HL CTF 2016.pptx]]<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:Ppt-icon.png&diff=218661File:Ppt-icon.png2016-07-07T13:05:51Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:Pdf-icon.png&diff=218660File:Pdf-icon.png2016-07-07T12:59:36Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:Word-icon.png&diff=218659File:Word-icon.png2016-07-07T12:59:23Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:HL_CTF_2016.pptx&diff=218658File:HL CTF 2016.pptx2016-07-07T12:56:13Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=File:HL_CTF_2016.pdf&diff=218657File:HL CTF 2016.pdf2016-07-07T12:54:40Z<p>Ivan Buetler: </p>
<hr />
<div></div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218655OWASP University Challenge2016-07-07T12:47:26Z<p>Ivan Buetler: /* Road Map and Getting Involved */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218654OWASP Hacking Lab2016-07-07T11:58:04Z<p>Ivan Buetler: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218653OWASP Hacking Lab2016-07-07T11:56:35Z<p>Ivan Buetler: /* Introduction */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
* [20 Nov 2013] News 2<br />
* [30 Sep 2013] News 1<br />
<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
===Attack-Defense System===<br />
[[File:Attack-Defense.png|left|Hacking-Lab]] <br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218652OWASP Hacking Lab2016-07-07T11:55:20Z<p>Ivan Buetler: /* Introduction */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
* [20 Nov 2013] News 2<br />
* [30 Sep 2013] News 1<br />
<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]<br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. <br />
<br />
If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218651OWASP Hacking Lab2016-07-07T11:52:45Z<p>Ivan Buetler: /* Questions */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
* [20 Nov 2013] News 2<br />
* [30 Sep 2013] News 1<br />
<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review [https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs University Challenge FAQ]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218650OWASP Hacking Lab2016-07-07T11:51:43Z<p>Ivan Buetler: /* Rating: */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
* [20 Nov 2013] News 2<br />
* [30 Sep 2013] News 1<br />
<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
***'''3 Points for vulnerability description'''<br />
***'''3 Points for proven exploit'''<br />
***'''4 Points for complete mitigation description'''<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review UC faq: https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_Hacking_Lab&diff=218649OWASP Hacking Lab2016-07-07T11:49:13Z<p>Ivan Buetler: /* About Hacking-Lab */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Hacking Lab==<br />
<br />
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
==Introduction==<br />
<br />
Currently, there is one challenge, the OWASP TopTen with currently 8700 registered users and +3500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.<br />
<br />
==Available challenges==<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP TopTen Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP Hackademic Hands-On Training]<br />
<br />
* Free registration for [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP WebGoat Hands-On Training]<br />
<br />
==Licensing==<br />
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Hacking Lab ==<br />
<br />
OWASP Hacking Lab provides:<br />
<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=245&uk= OWASP Top 10]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=302&uk= OWASP WebGoat]<br />
* [https://www.hacking-lab.com/events/registerform.html?eventid=557&uk= OWASP Hackademic]<br />
* University Challenges<br />
* Fun Challenges<br />
* [http://www.hacking-lab-ctf.com/ CTF System]<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
<br />
<br />
== Project Leaders ==<br />
<br />
[mailto:ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.Martinez@owasp.org Mateo Martinez]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/Hacking_Lab<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* Link to page/download<br />
<br />
<br />
<br />
== News and Events ==<br />
* [20 Nov 2013] News 2<br />
* [30 Sep 2013] News 1<br />
<br />
<br />
== In Print ==<br />
This project can be purchased as a print on demand book from Lulu.com<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==Solution Grading & Evaluation Guidelines for Teachers==<br />
*Always be polite<br />
**Never ever be unpolite. No matter what comment or question you receive!<br />
**You are OWASP's interface, behave mature and polite.<br />
*Comment in positive phrasing<br />
**E.g. if partially scored has been achieved, congratulate them<br />
**If the solution contains a good write-up, let them know you appreciate!<br />
**If they thank you for the event, return the favor e.g. thanks for contributing<br />
*Teaching and mentoring<br />
**If a previous suggestion is not understand, try to rephrase<br />
*No abusive language is permitted<br />
**If you receive any in a solution, don't 'hit back'<br />
**See what is causing the frustration, see if you can help is, let Ivan or Martin know<br />
<br />
==Rating:==<br />
*Understanding the vulnerability is essential<br />
**If a solution describes the vulnerability, this does scores points.<br />
<br />
*Mitigation scores higher than hacking:<br />
**We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation<br />
*Exploiting is essential<br />
**The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!<br />
*Give points when possible<br />
**If not the complete answer has been supplied, give partial points when possible.<br />
**Only reject if:<br />
***there is no solution (e.g. a question asked by the student)<br />
***the solution is answering the wrong challenge<br />
***the vulnerability / exploit / mitigation has clearly not been understood<br />
<br />
*Rating example:<br />
**If you have 10 points to give this is how to divide them:<br />
**;3 Points for vulnerability description<br />
**;3 Points for proven exploit<br />
**;4 Points for complete mitigation description<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* Ivan Buetler<br />
* Martin Knobloch<br />
* Mateo Martinez<br />
<br />
==Volunteer Roles==<br />
* Challenge developer<br />
* Challenge tester<br />
* LiveCD developer<br />
* Teachers (solution grading)<br />
* University Challenge Organizer<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<br />
Involvement in the development and promotion of Hack Lab is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
==Become an OWASP challenge participant/student==<br />
*Register to a free OWASP Hands-On Training (see tab "Available Challenges")<br />
*Sign-Up a Hacking-Lab account<br />
*Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)<br />
*Setup VPN from within your LiveCD<br />
*Read the challenge description (once registered in the first step)<br />
*Submit your solution into the HL portal<br />
*OWASP volunteers will grade your submission<br />
<br />
==Become an OWASP teacher==<br />
*Solve the challenges as participant/student first<br />
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges<br />
*Ask for becoming a teacher to the project leaders<br />
<br />
==Become an OWASP challenge developer==<br />
*Solve the challenges as participant/student first<br />
*Submit your challenge ideas (using the challenge concept template)<br />
*Create your challenge<br />
<br />
==Become an OWASP challenge tester==<br />
*Solve the challenges as participant/student first<br />
*Submit your feedback and ideas how to improve the challenges<br />
<br />
=University Challenge=<br />
== Introduction ==<br />
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges. <br />
<br />
This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]<br />
<br />
The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
===Previous events:===<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
===Questions===<br />
Please review UC faq: https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Hacking_Lab}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218647OWASP University Challenge2016-07-07T11:47:47Z<p>Ivan Buetler: /* Expenses: */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
* Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students<br />
<br />
* Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
* It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2015 @ AppSec EU in Amsterdam (Martin Knobloch)<br />
<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218646OWASP University Challenge2016-07-07T11:46:12Z<p>Ivan Buetler: /* Outline: */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (challenge server) come from [https://www.hacking-lab.com Hacking-Lab]<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
Travel and lodging has to be organized and covered by the student teams themselves<br />
The Conference should feed the students<br />
<br />
Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2015 @ AppSec EU in Amsterdam (Martin Knobloch)<br />
<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218645OWASP University Challenge2016-07-07T11:43:50Z<p>Ivan Buetler: /* About Hacking-Lab */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with Hacking-Lab<br />
* Hardware (challenge server) come from Hacking-Lab<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
Travel and lodging has to be organized and covered by the student teams themselves<br />
The Conference should feed the students<br />
<br />
Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about [https://www.hacking-lab.com Hacking-Lab]<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2015 @ AppSec EU in Amsterdam (Martin Knobloch)<br />
<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218644OWASP University Challenge2016-07-07T11:38:16Z<p>Ivan Buetler: /* What is the OWASP University Challenge? */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with Hacking-Lab<br />
* Hardware (challenge server) come from Hacking-Lab<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
Travel and lodging has to be organized and covered by the student teams themselves<br />
The Conference should feed the students<br />
<br />
Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about Hacking-Lab: https://www.hacking-lab.com<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2015 @ AppSec EU in Amsterdam (Martin Knobloch)<br />
<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetlerhttps://wiki.owasp.org/index.php?title=OWASP_University_Challenge&diff=218643OWASP University Challenge2016-07-07T11:35:54Z<p>Ivan Buetler: /* Attack-Defense System */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP University Challenge ==<br />
<br />
<br />
The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …). <br />
<br />
* There is no admission fee for the University Challenge – participation in the conference is possible for free. <br />
<br />
* During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework. <br />
<br />
* The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university. <br />
<br />
* All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list. <br />
<br />
* All team members must be registered. Registration for the University Challenge event is free. <br />
<br />
* Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).<br />
<br />
==Introduction==<br />
<br />
The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days!<br />
University / Student teams can compete solving hack challenges and defending insecure applications.<br />
<br />
==Attack-Defense System==<br />
[[File:Attack-Defense.png|left|Hacking-Lab]]The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: [http://www.hacking-lab-ctf.com CTF System]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is the OWASP University Challenge? ==<br />
<br />
OWASP University Challenge provides:<br />
<br />
The AppSec conference should take care of:<br />
*Venue / rooms during the conference training days<br />
*Feed the students<br />
*Local pr / announcements at local Universities<br />
<br />
== Presentation ==<br />
<br />
Link to presentation<br />
<br />
<br />
== Project Leader ==<br />
<br />
[mailto:Ivan.buetler@owasp.org Ivan Buetler]<br />
<br />
[mailto:Mateo.martinez@owasp.org Mateo Martinez]<br />
<br />
<br />
== Related Projects ==<br />
<br />
[[OWASP Student Chapters Program]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
== In Print ==<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=Set Up=<br />
==Conference Organisation:==<br />
* Announcement<br />
* Room / Space for the University Challenge<br />
** Internet connection<br />
** Video projector (scoring/ranking)<br />
** Power and extensions<br />
* Outreach to the local Universities<br />
* Sponsor for winner prizes<br />
* Winner announcement during the main track / (before) end of the conference<br />
<br />
==Outline:==<br />
During the two training days<br />
* challenges will be organized together with Hacking-Lab<br />
* Hardware (challenge server) come from Hacking-Lab<br />
* Hardware (wilreless routers) come form the Education Committee<br />
<br />
==Expenses:==<br />
Travel and lodging has to be organized and covered by the student teams themselves<br />
The Conference should feed the students<br />
<br />
Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference<br />
<br />
It is recommended to give the University Challenge teams free entrance to the conference<br />
<br />
==Prices:==<br />
We could need the conference organization team to help finding sponsors for the prices.<br />
<br />
=University Challenge Events=<br />
==Previous events:==<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2016_Rome/ AppSec EU 2016 Rome]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2015_Amsterdam/ AppSec EU 2015 Amsterdam]<br />
*[https://www.hacking-lab.com/references/AppSec_EU_2014_Cambridge/ AppSec EU 2014 Cambridge]<br />
*[https://www.hacking-lab.com/references/AppSec-EU-2013-University-Challenges.pdf AppSec-EU 2013 Hamburg]<br />
*[https://www.hacking-lab.com/references/OWASP-AppSec-Athen-2012/ AppSec-EU 2012 Athens]<br />
*AppSec-US 2012 Austin<br />
*AppSec-US 2011 Minneapolis<br />
<br />
==Ticket winning" pre-conference challenges:==<br />
-> option for conference to offer free tickets via solving Hacking-Lab challenges <br />
-> qualifying for UC? -> Team qualifying<br />
<br />
=FAQs=<br />
<br />
Q1: When typically has the event run at AppSec, during the training days or during conference proper?<br />
A1: The UC is normally hosted during the training days<br />
<br />
Q2: What size of room or seating capacity has typically been used?<br />
A2: Depending to the PR and number of teams (teams have a max of 8 members)<br />
<br />
Q3: What prizes are usually awarded?<br />
A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning<br />
<br />
Q4: Do the teams have free conference access?<br />
A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.<br />
There are no entrance / attendance fees charged previously<br />
The attendees usually get free access to the conference (because they travel from foreign countries too) <br />
<br />
<br />
= Acknowledgements =<br />
==Hacking-Lab==<br />
The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.<br />
<br />
===About Hacking-Lab===<br />
[[File:Hacking-Lab.png|left|Hacking-Lab]]Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. <br />
Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.<br />
<br />
Learn more about Hacking-Lab: https://www.hacking-lab.com<br />
<br />
= Road Map and Getting Involved =<br />
* University Challenge 2015 @ AppSec EU in Amsterdam (Martin Knobloch)<br />
<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_University_Challenge}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]</div>Ivan Buetler