This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AppSec Israel 2016 CTF

From OWASP
Jump to: navigation, search

Register now!

This year, for the first time, AppSec Israel will be hosting our very own Capture the Flag competition!

This capture the flag competition aims to encourage and promote interest in web application security, as well as for just having some fun.

We do not see it as a competition really, though there are winners and they are going to win some cool prizes...

There are a lot of interesting talks at OWASP this year that you wouldn't want to miss.. So, it is perfectly ok if you don't end up collecting all flags.. We know, you have been busy..


Here are some FAQ I frequently hear (I never heard them actually, but what the hack?)

Is there any registration needed?

Registration is available here (just add yourself to my sched) or on site, at Komodo booth.


What prizes do the winners get?

There are going to be 4 prizes. 3 top scores will get a prize while one prize will be won by a lottery between all who scores a minimum of 10 points.

If there are 2 attendees who reached the same score, a lottery between the two will be taken.

Oh.. and the prizes.. We'll decide soon enough and let you know.


What is the CTF structure?

We have built a PHP based web application that holds 6 challenges. Each challenge require a knowledge of a different attack or a different attack vector. Once you find the flag, you should use our 'proof of hack' PHP page to get the scores.

We might add a 'buy a hint' functionality, but even if we won't there are going to be plenty of people around who could steer you to the right direction.


At what time does the CTF take place?

The CTF will be open all day long, starting at the first talk and till the end of last one.


What should I bring?

Bring your kali linux. Well, there is no need for that really, just kidding.

What you might need is:


  1. Laptop, any OS will do.
  2. Internet connection.
  3. Python installed (2.x I believe)
  4. HTTP Proxy (burp, fiddler, whatever…)
  5. Wireshark, tcpdump or something like that
  6. Internet facing server (but we can provide you with that if needed)



Of course, you might get all flags without needing any of the above. That would be super cool, we would love to see your take on our challenges.


How long should it take?

The CTF is open for the entire day. We estimate each challenge to take approximately 30 minutes, so it is 3 hours altogether.

All challenges are solvable in a matter of few minutes, once you know how. The difficulty level vary from entry level to advance.

There is one which may take quite a while and will require determination and persistency to solve.

Register now!