This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Category:OWASP CTF Project

Revision as of 21:46, 14 July 2010 by Martinknobloch (talk | contribs)

Jump to: navigation, search


Welcome to the OWASP Capture The Flag (CTF) project!

What is the CTF

The OWASP CTF project is a web base hacking challenge application with challenges categorized in web, network and ‘others’. You require creativity, resourcefulness and networking skills to solve the various challenges.

Open Source?

First of all... sorry, but of course, we can not make the CTF and all challenges opensource. Hereby my apologies for not being as open as I want OWASP and OWASP projects to be.
..I know you understand!

Ahead of the OWASP AppSec-NY in 2009, the idea came up to supply an OWASP CTF event. This has been repeated successfully for the AppSec-EU 2009. Both developed by volunteering individuals, putting in a big amount of work, building the CTF from scratch. As the CTF event was warmly welcomed by those who participated, it was clear, the CTF has to become a event available for each OWASP event. To make this possible, the CTF project has been created!

the CTF at your event

Unfortunately, and I guess you understand, we can't share the current used CTF freely.. For previous CTF applications and challenges, please see the download tab!

To get the CTF at your (OWASP) event, send an email to martin.knobloch 'at'

  • AppSec-EU Polen
  • AppSec-DC
  • HITB Amsterdam
  • AppSec- Research
  • AppSec-Ireland

Playing the CTF

The rules to participate and playing the CTF might change depending to the event the CTF is organized at. What you find below is what we think, the CTF should be done.. ;-)


Register at the CTF organizer with your MAC address and participant name. Once you have access to the application, you register with your chosen game name and the game is started. You can join whenever you like when the game started until the declared end of the game.


  • You play with your own laptop
  • The game is open during the conference time.
  • Attacking the CTF outside of the challenges results in disqualification
  • Attacking CTF competitors results in disqualification


For each solved challenge you get one point.

  • Who has the most challenges solved wins.
  • By same score, first scored wins.
  • Groups and single player are treated the same

This is a proposal of rules. Those can be changed, depending on the event where the CTF is hold!

who can anticipate in the CTF

  • Single Players, every one can anticipate on a CTF event by him self
  • Groups, you can up with others and anticipate as group. Dividing the prices is the responsibility of the group members though

pointing system

With each challenge you can get a certain score, depending on the difficulty of the challenge. After solving a challenge, a key is gained. You will have to insert that key in your account screen and points are added to your account. In case of same number of points, who ever scores first wins!


The challenges are categorized in Web, Networking and Forensic.

  • Web challenges
  • Networking challenges
  • Forensic challenges

The current CTF contains the following categories:

  • Web
  • Networking
  • Others

score board

For each category, there will be 4 challenges in different difficulty:

  • 200 pointsu
  • 300 points
  • 500 points
  • 750 points


its home on Google Code
All available downloads can be found at its Google Code download location

As we can not make the current CTF and challenges available, so what is available to download? We will share previous used CTF applications, not longer used!

Further, we are currently working on a plug-in system for the challenges. We will release a setup where to install challenges as plugins, soon. Also, we will continuously make obsolete challenges available to download!

Available downloads:


  • Development
    • Challenges
  • Obsolete

Project Identification

What does this OWASP project offer you?
What does this OWASP project release offer you?
what is this project?

Purpose: Waiting for definition.

License: N/A

who is working on this project?
Project Leader: Steven van der Baan @

Project Maintainer:

Project Contributor(s):

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: To view, click here

Main links: N/A

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Steven van der Baan @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
First Release - Unknown Date - (no download available)

Release Leader: N/A

Release details: Main links, release roadmap and assessment

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0

This category currently contains no pages or media.