This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Hacking Lab"
From OWASP
| Line 2: | Line 2: | ||
About OWASP / Hacking-Lab: | About OWASP / Hacking-Lab: | ||
<!-- First tab, what is OWASP/Hacking-Lab --> | <!-- First tab, what is OWASP/Hacking-Lab --> | ||
| − | = OWASP/Hacking-Lab challenges | + | =OWASP/Hacking-Lab challenges= |
*OWASP TopTen | *OWASP TopTen | ||
*:Hacking-Lab donated challenges covering the OWASP TopTen | *:Hacking-Lab donated challenges covering the OWASP TopTen | ||
| Line 8: | Line 8: | ||
<!-- Second tab, how to become a participant --> | <!-- Second tab, how to become a participant --> | ||
| − | = How to become a participant | + | =How to become a participant= |
| + | To participate: | ||
* registration Link | * registration Link | ||
| − | <!-- Third tab, how to | + | <!-- Third tab, how to become teacher --> |
| − | = How to become a teacher | + | =How to become a teacher= |
* NDA (plus explanation why) | * NDA (plus explanation why) | ||
<!-- Fourth tab, teacher Guidelines--> | <!-- Fourth tab, teacher Guidelines--> | ||
| − | =Challenge valuation Guidelines | + | =Challenge valuation Guidelines= |
==Communication== | ==Communication== | ||
*Always be polite | *Always be polite | ||
Revision as of 11:21, 26 March 2013
About OWASP / Hacking-Lab:
- OWASP/Hacking-Lab challenges
- How to become a participant
- How to become a teacher
- Challenge valuation Guidelines
- Project About
- OWASP TopTen
- Hacking-Lab donated challenges covering the OWASP TopTen
- OWASP Hackademic
To participate:
- registration Link
- NDA (plus explanation why)
Communication
- Always be polite
- Never ever be unpolite. No matter what comment or question you receive!
- You are OWASP's interface, behave mature and polite.
- Comment in positive phrasing
- E.g. if partially scored has been achieved, congratulate them
- If the solution contains a good write-up, let them know you appreciate!
- If they thank you for the event, return the favor e.g. thanks for contributing
- Teaching and mentoring
- If a previous suggestion is not understand, try to rephrase
- No abusive language is permitted
- If you receive any in a solution, don't 'hit back'
- See what is causing the frustration, see if you can help is, let Ivan or Martin know
Rating:
- Understanding the vulnerability is essential
- If a solution describes the vulnerability, this does scores points.
Of course, always less
- Mitigation scores higher than hacking:
- We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation
- Exploiting is essential
- The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!
- Give points when possible
- If not the complete answer has been supplied, give partial points when possible.
- Only reject if:
- there is no solution (e.g. a question asked by the student)
- the solution is answering the wrong challenge
- the vulnerability / exploit / mitigation has clearly not been understood
- Rating example:
- If you have 10 points to give this is how to divide them:
- Describe vulnerability
- 3
- Exploit (to proof)
- 3
- Mitigation
- 4
- If you have 10 points to give this is how to divide them:
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||
