Difference between revisions of "OWASP Hacking Lab"
Ivan Buetler (talk | contribs) |
Ivan Buetler (talk | contribs) |
||
| Line 14: | Line 14: | ||
<!-- Second tab, how to become a participant --> | <!-- Second tab, how to become a participant --> | ||
=How to become a participant= | =How to become a participant= | ||
| − | + | ==How can you participate with the hands-on exercises?== | |
*Register to a free OWASP Hands-On Training (see tab "Available Challenges") | *Register to a free OWASP Hands-On Training (see tab "Available Challenges") | ||
*Sign-Up an Account in Hacking-Lab | *Sign-Up an Account in Hacking-Lab | ||
| Line 24: | Line 24: | ||
<!-- Third tab, how to become teacher --> | <!-- Third tab, how to become teacher --> | ||
| − | =How to become a teacher= | + | =How to become a teacher for the OWASP challenges= |
*Solve the challenges as participant/student first (see tab "Available Challenges") | *Solve the challenges as participant/student first (see tab "Available Challenges") | ||
*Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges | *Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges | ||
Revision as of 16:20, 14 January 2014
- Available challenges
- How to become a participant
- How to become a teacher for the OWASP challenges
- Challenge valuation Guidelines
- Project About
OWASP/Hacking-Lab Collaboration
OWASP TopTen Hands-On Training
Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=245&uk=
OWASP Hackademic Hands-On Training
Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=302&uk=
OWASP WebGoat Hands-On Training
Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=557&uk=
How can you participate with the hands-on exercises?
- Register for a free OWASP Hands-On Training (see tab "Available Challenges")
- Sign up for an account in Hacking-Lab
- Prepare your client infrastructure (recommended: the LiveCD from http://media.hacking-lab.com/)
- Set up the VPN from within your LiveCD
- Read the challenge description (once registered in the first step)
- Submit your solution to the HL portal
- OWASP volunteers will grade your submission
How to become a teacher for the OWASP challenges
- Solve the challenges as a participant/student first (see tab "Available Challenges")
- Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges
- Ask to become a teacher by writing to [email protected]
Communication
- Always be polite
  - Never ever be impolite, no matter what comment or question you receive!
  - You are OWASP's interface, so behave maturely and politely.
- Comment in positive phrasing
  - E.g. if a partial score has been achieved, congratulate them
  - If the solution contains a good write-up, let them know you appreciate it!
  - If they thank you for the event, return the favor, e.g. thank them for contributing
- Teaching and mentoring
  - If a previous suggestion was not understood, try to rephrase it
- No abusive language is permitted
  - If you receive any in a solution, don't 'hit back'
  - See what is causing the frustration, see if you can help, and let Ivan or Martin know
Rating:
- Understanding the vulnerability is essential
  - If a solution describes the vulnerability, this scores points.
- Mitigation scores higher than hacking
  - We are training security awareness! If mitigation is asked for as part of the solution, it scores higher than exploitation.
- Exploiting is essential
  - The exploit has to be proven, but a solution that describes the exploit in detail is fine too!
- Give points when possible
  - If the complete answer has not been supplied, give partial points when possible.
- Only reject if:
  - there is no solution (e.g. a question asked by the student)
  - the solution is answering the wrong challenge
  - the vulnerability / exploit / mitigation has clearly not been understood
- Rating example:
  - If you have 10 points to give, this is how to divide them:
    - 3 points for vulnerability description
    - 3 points for proven exploit
    - 4 points for complete mitigation description