This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Jump to: navigation, search
original photo from IqRS

Countdown Challenges -- Win Free Tickets to AppSec EU Research 2013 in Hamburg!

The OWASP German Chapter will host the OWASP AppSec Europe Research 2013 global conference in Hamburg, Germany from August 20-23. The event will be composed of 2 days of training (August 20-21), followed by 2 days of conference talks (August 22-23). The conference is expected to draw 400-500 technologists from Research, Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.

Visit the conference page AppSec EU 2013 (or AppSecEU2013) for details.

There will be a challenge posted on the conference wiki page every month up until the event in August. The winner of each challenge will get free entrance to the conference, worth about €420. Be sure to sign up for the conference mailing list to get a monthly reminder.

The 7'th challenge starts here

The challenge will be open until 14'th of August 2013.

How to Win

Each challenge will be announced on the conference wiki page and the conference mailing list (subscribe here). Simply follow the link, login, and follow the instructions for the challenge. Provide your solution, which then will be marked. The challenge will be opened right after the announcement and will be closed 3 weeks later. The winner will be rewarded a free conference ticket 3 days later.

The organizing committee will review the provided solutions and accept or reject it. While the challenge is open, rejected solutions can be enhanced and submitted again. If there are equal solutions at the end of the challenge, the first submitted one wins.

At end of the last challenge, right before the conference starts, additional tickets will be given to the best provided solutions over all submitted solutions.

The free ticket is personal and the judgement of the organizing committee can not be overruled.

How it Works

Each challenge will have its unique link and will be open for 4 weeks after announcement.

If you follow the link, the site will ask for login (see Login directly (Existing Hacking-Lab Account)), or to sign-up (see Sign-up a new Hacking-Lab Account) if you don't have a login. You may use your existing account, or sign-up for a new one.

To participate on the challenge, you need an account at Hacking-Lab. You just need an email address for that and you can use a nickname of your choice. Only the nickname will be public.

How to Start

Prepare your client with a preconfigured virtual host in VMware Player or VirtualBox.
Install the LiveCD image in your virtual host. It can be downloaded here:
Download links for VMware Player and VirtualBox are:
Follow the link from your mail or posted at conference wiki.
After login you'll see the list of Running Events
Switch to the challenge AppSec EU 2013 Ticket Challenge 7
To solve the task you need a VPN connection as shown in
Connect to after starting your Live-CD from within your virtual host as described in
To complete the task (event), send your description of the vulnerability including an exploit and a description for mitigations using the provided Send Solution button.
Good luck!!

Closed Ticket Challenges

Solutions can still be provided to closed challenges and will be graded, but they are not valid to win a ticket anymore.

1'st challenge
the first challenge was closed 29th of March 2013.
2'nd challenge
the second challenge was closed 19th of April 2013.
3'rd challenge
the third challenge was closed 21th of May 2013.
4'th challenge
the fourth challenge was closed 15th of June 2013.
5'th challenge
the fifth challenge was closed 7th of July 2013.
6'th challenge
the sixth challenge was closed 24th of July 2013.

<top> <Germany>