Category:OWASP CTF Project
Playing the CTF
The rules to participate and playing the CTF might change depending to the event the CTF is organized at. What you find below is what we think, the CTF should be done..
Register at the CTF organizer with your MAC address and participant name. Once you have access to the application, register with your chosen game name and the game is started. You can join whenever you like when the game has started until the declared end of the game.
- You play with your own laptop.
- The game is open during the conference time.
- Attacking the CTF outside of the challenges results in disqualification.
- Attacking CTF competitors results in disqualification.
- For each solved challenge you get one point.
- Who has the most challenges solved wins.
- By same score, first scored wins.
- Groups and single player are treated the same
- This is a proposal of rules. Those can be changed, depending on the event where the CTF is held.
Who can anticipate in the CTF?
- Single Players, every one can participate in a CTF event by themselves.
- Groups, you can team up with others and participate as a group. Dividing the prices is the responsibility of the group members, though.
- With each challenge you can get a certain score, depending on the difficulty of the challenge. After solving a challenge, a key is gained. You will have to insert that key into your account screen and points are added to your account. In case of same number of points, whoever scores first wins.
- With the current CTF system all challenges are worth one (1) point.
The challenges are categorized in Web, Networking and Forensic.
- Web challenges
- Networking challenges
- Forensic challenges
The current CTF contains the following categories:
- Web; your "default" web challenges
- Networking; networking related challenges
- Others; all other challenges that can't be fitted under the other categories.
The scoreboard will display the ranking of all playing users.
- Confidence 2008
- OWASP Appsec Europe 2008
- AppSec-EU Poland 2009
- AppSec-DC 2009
- AppSec-EU Stockholm 2010
- HITB Amsterdam 2010
- AppSec-USA 2010
- GovWare Singapore 2010
- AppSec-Brazil 2010
- OWASP BeNeLux day 2010
- HITB Amsterdam 2011
- AppSec-EU Dublin 2011
- AppSec-USA Minneapolis 2011
- OWASP Benelux day 2011
- OWASP Appsec EU Athens 2012
- AppSec-USA Austin 2012
- OWASP BeNeLux day 2012
- OWASP Appsec EU Hamburg 2013
- AppSec-USA New York 2013
- OWASP Appsec EU Cambridge 2014
- Can I have a copy of the challenges?
- Short answer, no. Long answer, depending on the 'strength' of the challenges they will be reused across multiple Capture the Flag events. Releasing the challenges might bring an unfair advantage to some of the players.
- How can I help?
- Everybody can help by providing challenges, or ideas for challenges.
As of 2014, the priorities are:
The framework is almost finished. The final quirkes are tested at the Owasp BeNeLux days and will be uploaded afterwards.
The latest design and logo (thanks to my wife) are used, waiting on some feedback from actual players.
The next version of the framework will contain a better template mechanism for customisation and a construction to be able to play network challenges without having to worry of you hackers taking over the complete system ;)
The various challenges that will be released depend on the feedback from the various events where the CTF has been held. The easiest challenges will slowly disapear from the CTF and will be made available for download.
Involvement in the development and promotion of the CTF is actively encouraged! We need people who can help in designing and building challenges. Feel free to send ideas (or even finished challenges) to Steven ([email protected]) and he'll try to include it in the CTF.
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?
This category currently contains no pages or media.