
Difference between revisions of "OWASP NYC AppSec 2008 Conference/ctf"

 
(16 intermediate revisions by one other user not shown)
Line 1: Line 1:
'Capture the Flag @ OWASP 2008 USA, NYC Sept 25th - 26th'
+
Capture the Flag @ OWASP 2008 USA, NYC Sept 25th - 26th
  
Project Committee:
+
== Contest Registration ==
 +
There will be a registration booth at the conference for you to provide your Name/Psuedoname/Team Name/handle and e-mail address. When the contest opens, you will receive an e-mail with instructions and passwords for accessing the contest web site. All questions on gameday can be forwarded to Dan Guido, who will be on-site and will also available by e-mail @ [email protected]. Registering for the CTF competition does not force you to participate, feel free to register just to have a look at the challenges.
 +
 
 +
== The Contest ==
 +
The CTF competition is arranged into a series of 30+ mini-challenges that each demonstrate a specific web application security vulnerability. They are grouped into categories of Easy, Medium, and Hard each worth 100, 250, and 500 points, respectively.
 +
 
 +
=== How do I know when I've solved a challenge? ===
 +
The "answer" to most of the challenges are a string of random numbers, an MD5 sum, or a SHA1 sum that you will recognize when you find. A few challenges require you to deface webpages or other tasks. Those challenges will specify how to know you're done.
 +
 
 +
=== How do I redeem my answers for points? ===
 +
E-mail your Team Name, your answer, and the URL of the challenge you completed to [email protected] with [OWASP-CTF] somewhere in the subject line. Submissions will only be accepted from the e-mail you signed up with.
 +
 
 +
== Rules ==
 +
# Registering for the CTF competition does not force you to participate
 +
# Only use your team e-mail (the e-mail you signed up with) for communicating with Dan
 +
# You may submit answers in any order
 +
# You may only submit an answer to a given question once
 +
# The use of commercial tools is forbidden (we suggest using [http://www.owasp.org/index.php/Category:OWASP_Download OWASP tools])
 +
# The entire competition is hosted on the same server for each team. If you find a hack that can modify the contents of the filesystem or disrupt the challenges in any way, e-mail Dan Guido with the details and he will give you bonus points.
 +
# DoS attacks are not allowed and will result in disqualification
 +
 
 +
== Communications ==
 +
There will be an IRC channel set up for various taunts, hints, and communication between players. Please check back here later for details.
 +
 
 +
== Awards ==
 +
Awards for the top competitors and others will be given out at the end of the conference. Don't ask me what the prizes are, I have no idea. Also note, there will be more categories than just "top 3 best overall."
 +
 
 +
== About the Developers ==
 +
Dan is an undergraduate Computer Science student at the university [http://www.poly.edu/mergercentral/ formerly] known as Polytechnic University. He made this series of challenges with the help of a few people in the [http://isis.poly.edu/ lab] including Aleksey Fateev, Yu Pok Chan, and Michael Aiello.
 +
 
 +
== Project Committee ==
  
 
   Leads
 
   Leads
   Project Primary: Mahi Dontamsetti mdontamsetti(at)gmail.com- OWASP NY/NJ Board Member
+
   Project Primary: Mahi Dontamsetti mdontamsetti(at)gmail.com - OWASP NY/NJ Board Member
 
   Technical Primary: Dan Guido - dguido(at)gmail.com - Polytechnic University
 
   Technical Primary: Dan Guido - dguido(at)gmail.com - Polytechnic University
 
  
 
   Technical Contributors & Advisors
 
   Technical Contributors & Advisors
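Review bot: rule 6 in the added Rules section asks players to e-mail details of any hack that can modify the filesystem or disrupt the challenges, but nothing in the list says whether actually using such a hack against the shared server is permitted. Since the same rule says the entire competition is hosted on one server, state explicitly that such findings are to be reported and not used, in the same direct terms rule 7 uses for DoS. Smaller points in the same hunk: "Psuedoname" and "will also available" in Contest Registration need correcting, and the Communications section still ends on a placeholder ("Please check back here later for details").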
Line 15: Line 44:
 
   Anthony Paladino - Airtight
 
   Anthony Paladino - Airtight
 
   Tom Brennan - OWASP Foundation
 
   Tom Brennan - OWASP Foundation
 
'Goal of Project'
 
To provide authorized targets to conduct application/network security assessment of during Sept 24th - 25th with several "games" to make the event FUN for those that bring laptops and "Want to play a game....".  This live CTF will be done via a segmented wireless network provided by Pace University, secured by WIPS to ensure availability of AP's ---> PolyTechnic University where the targets will reside.
 
 
The CTF will include such items as:
 
 
- Trivia
 
- Discover Application Security Flaws in a known flawed system
 
- Dicover Network Security flaws in a known flawed system
 
 
blaaa blaaa blaa.... add content here ;)
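Review bot: removing the "Goal of Project" text drops the only statement that the targets are authorized and where they reside (a segmented wireless network from Pace University to Polytechnic University), and the new revision does not replace it. Suggest carrying a one-line scope statement into the Rules section so players know which hosts are in bounds. The removed text also gave the dates as "Sept 24th - 25th" against "Sept 25th - 26th" in the title, so it is worth confirming the title is the correct one.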
 

Latest revision as of 02:35, 3 September 2008

Capture the Flag @ OWASP 2008 USA, NYC Sept 25th - 26th

Contest Registration

There will be a registration booth at the conference for you to provide your Name/Pseudonym/Team Name/handle and e-mail address. When the contest opens, you will receive an e-mail with instructions and passwords for accessing the contest web site. All questions on game day can be forwarded to Dan Guido, who will be on-site and will also be available by e-mail @ [email protected]. Registering for the CTF competition does not force you to participate; feel free to register just to have a look at the challenges.

The Contest

The CTF competition is arranged into a series of 30+ mini-challenges that each demonstrate a specific web application security vulnerability. They are grouped into categories of Easy, Medium, and Hard, worth 100, 250, and 500 points, respectively.

How do I know when I've solved a challenge?

The "answer" to most of the challenges is a string of random numbers, an MD5 sum, or a SHA1 sum that you will recognize when you find it. A few challenges require you to deface webpages or complete other tasks. Those challenges will specify how to know you're done.

How do I redeem my answers for points?

E-mail your Team Name, your answer, and the URL of the challenge you completed to [email protected] with [OWASP-CTF] somewhere in the subject line. Submissions will only be accepted from the e-mail you signed up with.

Rules

  1. Registering for the CTF competition does not force you to participate
  2. Only use your team e-mail (the e-mail you signed up with) for communicating with Dan
  3. You may submit answers in any order
  4. You may only submit an answer to a given question once
  5. The use of commercial tools is forbidden (we suggest using OWASP tools)
  6. The entire competition is hosted on the same server for each team. If you find a hack that can modify the contents of the filesystem or disrupt the challenges in any way, e-mail Dan Guido with the details and he will give you bonus points.
  7. DoS attacks are not allowed and will result in disqualification

Communications

There will be an IRC channel set up for various taunts, hints, and communication between players. Please check back here later for details.

Awards

Awards for the top competitors and others will be given out at the end of the conference. Don't ask me what the prizes are, I have no idea. Also note, there will be more categories than just "top 3 best overall."

About the Developers

Dan is an undergraduate Computer Science student at the university formerly known as Polytechnic University. He made this series of challenges with the help of a few people in the lab including Aleksey Fateev, Yu Pok Chan, and Michael Aiello.

Project Committee

 Leads
 Project Primary: Mahi Dontamsetti mdontamsetti(at)gmail.com - OWASP NY/NJ Board Member
 Technical Primary: Dan Guido - dguido(at)gmail.com - Polytechnic University
 Technical Contributors & Advisors
 Nasir Memon - Polytechnic University
 Brian Peister - Deloitte & OWASP NY/NJ Board Member
 Martin Knobloch - Sogeti
 Ashish Popli - Microsoft, ACE Team
 Anthony Paladino - Airtight
 Tom Brennan - OWASP Foundation