Difference between revisions of "OWASP Hacking Lab"
| Line 1: | Line 1: | ||
About OWASP / Hacking-Lab: | About OWASP / Hacking-Lab: | ||
| − | |||
<!-- First tab, what is OWASP/Hacking-Lab --> | <!-- First tab, what is OWASP/Hacking-Lab --> | ||
= OWASP/Hacking-Lab challenges = | = OWASP/Hacking-Lab challenges = | ||
| − | |||
| − | |||
*OWASP TopTen | *OWASP TopTen | ||
*:Hacking-Lab donated challenges covering the OWASP TopTen | *:Hacking-Lab donated challenges covering the OWASP TopTen | ||
*OWASP Hackademic | *OWASP Hackademic | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
<!-- Second tab, how to become a participant --> | <!-- Second tab, how to become a participant --> | ||
| Line 23: | Line 15: | ||
* NDA (plus explanation why) | * NDA (plus explanation why) | ||
| + | <!-- Fourth tab, teacher Guidelines--> | ||
| + | =Challenge valuation Guidelines for Teachers= | ||
| + | ==Communication== | ||
| + | *Always be polite | ||
| + | **Never ever be unpolite. No matter what comment or question you receive! | ||
| + | **You are OWASP's interface, behave mature and polite. | ||
| + | *Comment in positive phrasing | ||
| + | **E.g. if partially scored has been achieved, congratulate them | ||
| + | **If the solution contains a good write-up, let them know you appreciate! | ||
| + | **If they thank you for the event, return the favor e.g. thanks for contributing | ||
| + | *Teaching and mentoring | ||
| + | **If a previous suggestion is not understand, try to rephrase | ||
| + | *No abusive language is permitted | ||
| + | **If you receive any in a solution, don't 'hit back' | ||
| + | **See what is causing the frustration, see if you can help is, let Ivan or Martin know | ||
| + | |||
| + | ==Rating:== | ||
| + | *Understanding the vulnerability is essential | ||
| + | **If a solution describes the vulnerability, this does scores points. | ||
| + | Of course, always less | ||
| + | *Mitigation scores higher than hacking: | ||
| + | **We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation | ||
| + | *Exploiting is essential | ||
| + | **The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too! | ||
| + | *Give points when possible | ||
| + | **If not the complete answer has been supplied, give partial points when possible. | ||
| + | **Only reject if: | ||
| + | ***there is no solution (e.g. a question asked by the student) | ||
| + | ***the solution is answering the wrong challenge | ||
| + | ***the vulnerability / exploit / mitigation has clearly not been understood | ||
| − | * | + | *Rating example: |
| + | **If you have 10 points to give this is how to divide them: | ||
| + | **;Describe vulnerability:3 | ||
| + | **;Exploit (to proof):3 | ||
| + | **;Mitigation:4 | ||
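Review bot: In the added Rating section, the line "Of course, always less" has no `**` list prefix and never says what it is less than, so it renders as a stray paragraph that interrupts the list and leaves the scoring rule for description-only solutions ambiguous. Make it a `**` sub-item under "Understanding the vulnerability is essential" and state the comparison explicitly. The same section also needs a wording pass before it goes live ("unpolite", "is not understand", "help is", "does scores", "higher then exploitation", "to proof"), and the heading `==Rating:==` carries a trailing colon that `==Communication==` does not.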
Revision as of 11:18, 26 March 2013
About OWASP / Hacking-Lab:
- OWASP/Hacking-Lab challenges
- How to become a participant
- How to become a teacher
- Challenge valuation Guidelines for Teachers
- Project About
- OWASP TopTen
- Hacking-Lab donated challenges covering the OWASP TopTen
- OWASP Hackademic
- registration Link
- NDA (plus explanation why)
Communication
- Always be polite
  - Never ever be impolite, no matter what comment or question you receive!
  - You are OWASP's interface; behave maturely and politely.
- Comment in positive phrasing
  - E.g. if a partial score has been achieved, congratulate them
  - If the solution contains a good write-up, let them know you appreciate it!
  - If they thank you for the event, return the favor, e.g. thanks for contributing
- Teaching and mentoring
  - If a previous suggestion is not understood, try to rephrase it
- No abusive language is permitted
  - If you receive any in a solution, don't 'hit back'
  - See what is causing the frustration, see if you can help, and let Ivan or Martin know
Rating:
- Understanding the vulnerability is essential
  - If a solution describes the vulnerability, this scores points.
    Of course, always less
- Mitigation scores higher than hacking:
  - We are training security awareness! If mitigation is asked for as part of the solution, it scores higher than exploitation
- Exploiting is essential
  - The exploit has to be proven, but a solution that describes the exploit in detail is fine too!
- Give points when possible
  - If the complete answer has not been supplied, give partial points when possible.
  - Only reject if:
    - there is no solution (e.g. a question asked by the student)
    - the solution is answering the wrong challenge
    - the vulnerability / exploit / mitigation has clearly not been understood
- Rating example:
  - If you have 10 points to give, this is how to divide them:
    - Describe vulnerability: 3
    - Exploit (as proof): 3
    - Mitigation: 4