This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Hacking Lab"
From OWASP
(→Rating:) |
Ivan Buetler (talk | contribs) |
||
| Line 4: | Line 4: | ||
=Available challenges= | =Available challenges= | ||
OWASP/Hacking-Lab | OWASP/Hacking-Lab | ||
| − | *OWASP TopTen | + | *OWASP TopTen Hands-On Training |
| + | *OWASP Hackademic Hands-On Training | ||
| + | *OWASP WebGoat Hands-On Training | ||
*:Hacking-Lab donated challenges covering the OWASP TopTen | *:Hacking-Lab donated challenges covering the OWASP TopTen | ||
*OWASP Hackademic | *OWASP Hackademic | ||
Revision as of 16:06, 14 January 2014
- Available challenges
- How to become a participant
- How to become a teacher
- Challenge valuation Guidelines
- Project About
OWASP/Hacking-Lab
- OWASP TopTen Hands-On Training
- OWASP Hackademic Hands-On Training
- OWASP WebGoat Hands-On Training
- Hacking-Lab donated challenges covering the OWASP TopTen
- OWASP Hackademic
To participate:
- registration Link
- NDA (plus explanation why)
Communication
- Always be polite
- Never ever be unpolite. No matter what comment or question you receive!
- You are OWASP's interface, behave mature and polite.
- Comment in positive phrasing
- E.g. if partially scored has been achieved, congratulate them
- If the solution contains a good write-up, let them know you appreciate!
- If they thank you for the event, return the favor e.g. thanks for contributing
- Teaching and mentoring
- If a previous suggestion is not understand, try to rephrase
- No abusive language is permitted
- If you receive any in a solution, don't 'hit back'
- See what is causing the frustration, see if you can help is, let Ivan or Martin know
Rating:
- Understanding the vulnerability is essential
- If a solution describes the vulnerability, this does scores points.
- Mitigation scores higher than hacking:
- We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation
- Exploiting is essential
- The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!
- Give points when possible
- If not the complete answer has been supplied, give partial points when possible.
- Only reject if:
- there is no solution (e.g. a question asked by the student)
- the solution is answering the wrong challenge
- the vulnerability / exploit / mitigation has clearly not been understood
- Rating example:
- If you have 10 points to give this is how to divide them:
- 3 Points for vulnerability description
- 3 Points for proven exploit
- 4 Points for complete mitigation description
- If you have 10 points to give this is how to divide them:
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||
