
Difference between revisions of "OWASP NYC AppSec 2008 Conference/ctf"

(1st full description of contest)
Line 1: Line 1:
'Capture the Flag @ OWASP 2008 USA, NYC Sept 25th - 26th'
+
Capture the Flag @ OWASP 2008 USA, NYC Sept 25th - 26th
  
Project Committee:
+
== Contest Registration ==
 +
There will be a registration booth at the conference for you to provide your Name/Psuedoname/Team Name/handle and e-mail address. When the contest opens, you will receive an e-mail with instructions and passwords for accessing the contest web site. All questions on gameday can be forwarded to Dan Guido, who will be on-site and will also available by e-mail @ [email protected]. Registering for the CTF competition does not force you to participate, feel free to register just to have a look at the challenges.
 +
 
 +
== The Contest ==
 +
The actual CTF competition is arranged into a series of 30+ mini-challenges which each demonstrate a specific web application security vulnerability. They are grouped into the categories of Easy, Medium, and Hard each worth 100, 250, and 500 points respectively.
 +
 
 +
=== How do I know when I've solved a challenge? ===
 +
The "answer" to most of the challenges is a string of random numbers, an MD5 sum, or a SHA1 sum which you will recognize when you get one. A few challenges require you to deface webpages or other tasks. Those challenges will specify how to know you're done.
 +
 
 +
=== How do I redeem my answers for points? ===
 +
E-mail your Team Name, your answer, and the URL of the challenge you completed to [email protected] with the [OWASP-CTF] somewhere in the subject line. Submissions will only be accepted from the e-mail you signed up with.
 +
 
 +
== Rules ==
 +
# Unless you are the author of the tool, the use of all commercial tools are forbidden (we suggest using OWASP tools)
 +
# The entire competition is hosted on the same server for each team. If you find a hack which can modify the contents of the filesystem or disrupt the challenges in any way, e-mail Dan Guido with the details and he will give you bonus points.
 +
# You may submit answers in any order
 +
# You may only submit an answer to a given question once
 +
# Registering for the CTF competition does not force you to participate
 +
# Only use your team e-mail for communicating with Dan
 +
# DoS attacks are not allowed and will result in disqualification
 +
# The only legal play times are between September 25th X:XXam and September 26 X:XXpm
 +
 
 +
== Communications ==
 +
There will be an IRC channel set up for various taunts, hints, and communication between players. Please check back here later for details.
 +
 
 +
== Awards ==
 +
Awards for the top competitors and others will be given out at the end of the conference. Don't ask me what the prizes are, I have no idea. Also note, there will be more categories than just "top 3 best overall."
 +
 
 +
== Project Committee ==
  
 
   Leads
 
   Leads
   Project Primary: Mahi Dontamsetti mdontamsetti(at)gmail.com- OWASP NY/NJ Board Member
+
   Project Primary: Mahi Dontamsetti mdontamsetti(at)gmail.com - OWASP NY/NJ Board Member
 
   Technical Primary: Dan Guido - dguido(at)gmail.com - Polytechnic University
 
   Technical Primary: Dan Guido - dguido(at)gmail.com - Polytechnic University
 
  
 
   Technical Contributors & Advisors
 
   Technical Contributors & Advisors
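Review bot: Rule 8 in the added Rules section still carries placeholder play times ("September 25th X:XXam and September 26 X:XXpm"), so the one rule that defines the legal window cannot be followed as written; fill in the actual times, or state where they will be announced, before players rely on this page. The added Communications paragraph has the same gap, promising an IRC channel with no details. Smaller points in the added Contest Registration text: "Psuedoname" is misspelled, "will also available" is missing "be", and its last sentence is repeated as rule 5.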
Line 15: Line 42:
 
   Anthony Paladino - Airtight
 
   Anthony Paladino - Airtight
 
   Tom Brennan - OWASP Foundation
 
   Tom Brennan - OWASP Foundation
 
'Goal of Project'
 
To provide authorized targets to conduct application/network security assessment of during Sept 24th - 25th with several "games" to make the event FUN for those that bring laptops and "Want to play a game....".  This live CTF will be done via a segmented wireless network provided by Pace University, secured by WIPS to ensure availability of AP's ---> PolyTechnic University where the targets will reside.
 
 
The CTF will include such items as:
 
 
- Trivia
 
- Discover Application Security Flaws in a known flawed system
 
- Dicover Network Security flaws in a known flawed system
 
 
blaaa blaaa blaa.... add content here ;)
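Review bot: The "Goal of Project" text at the end of this hunk does not appear in the revision rendered below, and nothing in the added sections replaces what it said about the targets being authorized and about the segmented wireless network from Pace University to the targets at PolyTechnic University. If dropping it is intended, consider carrying the scope and network details into "The Contest" or "Rules" so players know which systems are in play. Note also that it gave the dates as Sept 24th - 25th while the page title says Sept 25th - 26th.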
 

Revision as of 22:38, 6 July 2008

Capture the Flag @ OWASP 2008 USA, NYC Sept 25th - 26th

Contest Registration

There will be a registration booth at the conference for you to provide your Name/Pseudonym/Team Name/handle and e-mail address. When the contest opens, you will receive an e-mail with instructions and passwords for accessing the contest web site. All questions on game day can be forwarded to Dan Guido, who will be on-site and will also be available by e-mail @ [email protected]. Registering for the CTF competition does not force you to participate; feel free to register just to have a look at the challenges.

The Contest

The actual CTF competition is arranged into a series of 30+ mini-challenges, each of which demonstrates a specific web application security vulnerability. They are grouped into the categories of Easy, Medium, and Hard, worth 100, 250, and 500 points respectively.

How do I know when I've solved a challenge?

The "answer" to most of the challenges is a string of random numbers, an MD5 sum, or a SHA1 sum which you will recognize when you get one. A few challenges require you to deface webpages or other tasks. Those challenges will specify how to know you're done.

How do I redeem my answers for points?

E-mail your Team Name, your answer, and the URL of the challenge you completed to [email protected] with [OWASP-CTF] somewhere in the subject line. Submissions will only be accepted from the e-mail address you signed up with.

Rules

  1. Unless you are the author of the tool, the use of all commercial tools is forbidden (we suggest using OWASP tools)
  2. The entire competition is hosted on the same server for each team. If you find a hack which can modify the contents of the filesystem or disrupt the challenges in any way, e-mail Dan Guido with the details and he will give you bonus points.
  3. You may submit answers in any order
  4. You may only submit an answer to a given question once
  5. Registering for the CTF competition does not force you to participate
  6. Only use your team e-mail for communicating with Dan
  7. DoS attacks are not allowed and will result in disqualification
  8. The only legal play times are between September 25th X:XXam and September 26 X:XXpm

Communications

There will be an IRC channel set up for various taunts, hints, and communication between players. Please check back here later for details.

Awards

Awards for the top competitors and others will be given out at the end of the conference. Don't ask me what the prizes are, I have no idea. Also note, there will be more categories than just "top 3 best overall."

Project Committee

 Leads
 Project Primary: Mahi Dontamsetti mdontamsetti(at)gmail.com - OWASP NY/NJ Board Member
 Technical Primary: Dan Guido - dguido(at)gmail.com - Polytechnic University
 Technical Contributors & Advisors
 Nasir Memon - Polytechnic University
 Brian Peister - Deloitte & OWASP NY/NJ Board Member
 Martin Knobloch - Sogeti
 Ashish Popli - Microsoft, ACE Team
 Anthony Paladino - Airtight
 Tom Brennan - OWASP Foundation