This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Google Code In 2014"

From OWASP
(Mentors)
 
(12 intermediate revisions by the same user not shown)
Previous revision:

=TASKS PROPOSAL FOR GOOGLE CODE-IN 2014 - OWASP=

[[File:Googlecodeinlogo.JPG]]

Welcome To OWASP!!

Hi there! If you are a young, fierce and creative youngster looking for action and hacking adventures, this is your place. OWASP is an organization that creates awareness by providing learning tools to programmers and developers on how to code securely and avoid being hacked.

Many of the tasks you will find on this page are about 'hacking' and protecting web applications.

If you want to learn more about web security and how to protect web applications and software from 'evil' hackers, this is a great place to be.

Be sure to read carefully all the rules related to the Google Code-In program and talk to your parents or legal guardian about your participation:

http://www.google-melange.com/gci/document/show/gci_program/google/gci2013/terms_and_conditions

==Code: Tasks related to writing or refactoring code==

'''1. Create a login page with validations'''

Create an HTML page with two text boxes and a button:

*a username text box
*a password text box
*a submit button

Your mission is to write one or more JavaScript functions that guarantee:

*When the user presses the 'submit' button, the username cannot be longer than 10 characters or shorter than 3 characters
*The username the user wrote will be wiped out (cleared) from the field if it does not comply with the rule
*A pop-up message will appear if the username is longer than 10 characters, saying "Username or Password is not valid"
*If the username or password field contains the characters "<" or ">", a pop-up message must appear saying "These characters are not allowed"

Bonus point question (1 point): Explain

Why should we sanitize user input in web forms like this?

What are the risks associated with not validating user input?

Provide a code example of an attack associated with input from 'evil' users

Bonus point question (1 point): Explain

Why implementing these checks in JavaScript is not sufficient to guarantee security on the server.
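One way to implement the four rules of task 1, added here as an example that is not part of the original task page: the decision is kept in a pure function so it can be tested apart from the DOM, and the form wiring assumes a form with id "login" and inputs named "username" and "password" (names chosen for this example).

```javascript
// Added example (not from the OWASP page): the task's four rules as a pure function,
// so the decision can be unit-tested apart from the DOM. Field names are assumed.
function validateLogin(username, password) {
  // Rule 4: '<' or '>' in either field is rejected outright
  if (/[<>]/.test(username) || /[<>]/.test(password)) {
    return {
      ok: false,
      message: "These characters are not allowed",
      clearUsername: /[<>]/.test(username), // rule 2 only applies to the username field
    };
  }
  // Rule 3: too long -> pop-up and clear the field
  if (username.length > 10) {
    return { ok: false, message: "Username or Password is not valid", clearUsername: true };
  }
  // Rule 1: too short -> clear the field (the task specifies no message here)
  if (username.length < 3) {
    return { ok: false, message: null, clearUsername: true };
  }
  return { ok: true, message: null, clearUsername: false };
}

// Wire the function to a form: block submission and apply the result to the DOM.
// Assumes <form id="login"> with inputs named "username" and "password".
function attachValidation(form) {
  form.addEventListener("submit", function (event) {
    var user = form.elements.username;
    var result = validateLogin(user.value, form.elements.password.value);
    if (!result.ok) {
      event.preventDefault(); // the browser never sends an invalid form
      if (result.clearUsername) user.value = "";
      if (result.message) alert(result.message);
    }
  });
}

// Only run the DOM wiring in a browser; the pure function is usable from Node as well.
if (typeof document !== "undefined") {
  var loginForm = document.getElementById("login");
  if (loginForm) attachValidation(loginForm);
}
```

These checks run in the user's browser, where the user controls the code, so the server must repeat the same validation on every request it receives.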
 
  
'''2. Fix the buffer overflow'''

The following code has a buffer overflow. Buffer overflows are the cause of many security issues in C and C++ code. Take your time to understand first what a buffer overflow is and how you can fix this one. Can you say where the problem is, why it is a problem, and fix it?

 #include <string.h>
 
 void copyData(char *loginId) {
     char smallBuffer[10]; // size of 10
     strcpy(smallBuffer, loginId);
 }
 
 int main(int argc, char *argv[]) {
     char *loginId = "GoogleCodeInUser12345";
     copyData(loginId);
     return 0;
 }

'''Bonus questions (1 point):'''

What is the relation between a 'worm' and a buffer overflow?

Provide a code example of a buffer overflow that caused a "worm".

Explain in your own words (max 500 words) how this happens

[[File:Worm.jpg]]

'''3. Clickjacking a website'''

The following code allows you to check if a website can be 'clickjacked', that is, whether it can be used in a clickjacking attack. Google for information about this security vulnerability. Your mission is to:

*Find a website that can be clickjacked
*Change the code so you can demonstrate the attack on the site you found to be vulnerable.

You win this task if you are able to make it look like a user is browsing the website and they can hardly see the difference between the 'clickjack' page and the real website's page.

 <html>
     <head>
       <title>Clickjack test page</title>
     </head>
     <body>
       <p>Website is vulnerable to clickjacking!</p>
       <iframe src="http://www.target.site" width="500" height="500"></iframe>
     </body>
 </html>

[[File:Clickjacking_description.png]]

'''Bonus question (1 point)''': How can you avoid clickjacking? Explain with a code example what we can do to avoid this attack (max 500 words)
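As an added example that is not part of the original task and is not OWASP's code: the two response headers a site sends so that it cannot be loaded inside a test page like the one above, plus a checker a site owner can run over their own response headers to see which of the two protections is in place. The header sets at the bottom are constructed for this example.

```javascript
// Added example (not from the OWASP page): the response headers that stop a page from
// being loaded in the task's <iframe>, plus a checker for a site's own response headers.

// Send both: X-Frame-Options for older browsers, CSP frame-ancestors for current ones.
const ANTI_FRAMING_HEADERS = {
  "X-Frame-Options": "DENY",
  "Content-Security-Policy": "frame-ancestors 'none'",
};

// Merge the anti-framing headers into an outgoing header set (e.g. before res.writeHead).
function withAntiFraming(headers) {
  return Object.assign({}, headers, ANTI_FRAMING_HEADERS);
}

// Classify how a response may be framed, from its headers (names are case-insensitive).
// Returns "blocked", "restricted" (only some origins may frame it) or "frameable".
function framingPolicy(headers) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) lower[name.toLowerCase()] = String(value);

  // A CSP frame-ancestors directive takes precedence over X-Frame-Options when present.
  const csp = lower["content-security-policy"] || "";
  const directive = csp.split(";").map((d) => d.trim()).find((d) => d.startsWith("frame-ancestors"));
  if (directive) {
    const sources = directive.slice("frame-ancestors".length).trim();
    return sources === "'none'" ? "blocked" : "restricted";
  }

  const xfo = (lower["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked";
  if (xfo === "SAMEORIGIN") return "restricted";
  if (xfo.startsWith("ALLOW-FROM")) return "restricted"; // legacy value, ignored by most browsers
  return "frameable"; // no policy: the task's test page would render this site inside its iframe
}

// Sample header sets (constructed for this example, not captured from any real site).
const SAMPLE_RESPONSES = {
  unprotected: { "Content-Type": "text/html" },
  legacyOnly: { "content-type": "text/html", "x-frame-options": "sameorigin" },
  hardened: withAntiFraming({ "Content-Type": "text/html" }),
};
```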

'''4. Playing with Firebug and the DOM (Document Object Model)'''

Firebug is a Mozilla Firefox plugin that allows you to change the code of the web page cached in your browser.

Your mission: go to www.owasp.org and change the text that says "Welcome to OWASP".

Create a print screen to show us how you changed the code to "Welcome to Code-In 2013"

[[File:FirebugOwasp.jpg]]

'''Bonus question (1 point):'''

What kind of attacks can you do to a website by manipulating the DOM? Provide an example.

==Documentation/Training: Tasks related to creating/editing documents and helping others learn more==

'''5. Create a flyer promoting secure coding: OWASP TOP TEN FLYER'''

Go to the OWASP website and search for the OWASP Top Ten security vulnerabilities. Create a nice poster (A3 format) with graphics about these security issues. Try to explain them using graphics as much as you can instead of words.

'''6. XSS info on the OWASP website'''

We need your help finding all the URL links related to XSS in the OWASP wiki pages. Your mission is to search and find all the web pages that mention or describe what XSS (Cross-Site Scripting) is.

Read the documentation about this and create a document with all the links you found on the OWASP site about this topic.

*Is it clear to you, after reading all the links, what XSS is?
*If it is not clear, what kind of recommendations would you give us? What should be changed?

'''7. Find outdated Incubator CODE Projects'''

OWASP has many projects that are in a beginning phase; unfortunately, some of these pages have not been updated in a long time. We need help identifying when these wiki pages were last updated. The task: go to https://www.owasp.org/index.php/OWASP_Project_Inventory#Incubator_Projects and create a table with the following info:

Name of the project | Last updated on: (date written as day/month/year)

'''8. Find outdated Incubator TOOL Projects'''

OWASP has many projects that are in a beginning phase; unfortunately, some of these pages have not been updated in a long time. We need help identifying when these wiki pages were last updated. The task: go to https://www.owasp.org/index.php/OWASP_Project_Inventory#Incubator_Projects and create a table with the following info:

Name of the project | Last updated on: (date written as day/month/year)

==Outreach/Research: Tasks related to community management, outreach/marketing, or studying problems and recommending solutions==

'''9. Improve navigation in the OWASP website'''

Go and navigate the OWASP website. How do you find the navigation of the website? Provide us with recommendations on how to improve it (max 1000 words)

'''10. Search for opinions about OWASP'''

We want to know what's been said on the web about us. Do a Google search and find as much as possible of what is being said about us. Is it positive? Negative? Write your findings in an A4 format page (1000 words, Word doc) and make sure to include references to all the URLs and links you find about OWASP

'''11. Analyze the OWASP Marketing Plan'''

We have a marketing plan available on the website: https://www.owasp.org/images/7/7c/OWASP_Background-Research_Phase1_Final_%281%29.pdf

From this marketing plan answer the following questions:

*Which are the top visitor countries of the website, and what do you think is the reason for that?
*Check the Word Cloud. Select a word that captures your attention most and explain what this word has to do with OWASP (except the word OWASP)

'''12. Analyze SEO Content Audit'''

The following research is published on our website: https://www.owasp.org/images/4/48/OWASP-SEO-Content-Audit-Final-6-7-2013.pdf

Research what the whole purpose of SEO is and why OWASP should focus on the 3 important strategies mentioned in the report.

==Quality Assurance: Tasks related to testing and ensuring code is of high quality==

'''Discover and test: find security bugs in WebGoat'''

You might be wondering how hackers 'hack'. This is a great chance for you to find out how to bypass security in a web application and act as a hacker. OWASP has an insecure web application called WebGoat. The following tasks are related to this web application.

You will need to install WebGoat:

https://www.owasp.org/index.php/WebGoat_Installation (It's very easy to install)

Use the Testing Guide to find more info about these issues: https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

'''13. Testing task 1'''

Go to the lesson on Hidden Form Field Manipulation. Explain in less than 250 words how this happens and how you can fix this issue.

'''14. Testing task 2'''

Go to the lesson on Parameter Manipulation. Explain in less than 250 words how this happens and how you can fix this issue.

'''15. Testing task 3'''

Go to the lesson on Cross-site Scripting (XSS). Explain in less than 250 words how this happens and how you can fix this issue.

'''16. Testing task 4'''

Go to the lesson on Dangers of HTML Comments. Explain in less than 250 words how this happens and how you can fix this issue.

==User Interface: Tasks related to user experience research or user interface design and interaction==

'''Create cool wiki pages for OWASP project pages'''

We want to revamp and create a new wiki template for OWASP project pages.

For example, this project has a nice landing page:

https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

And this one is less fancy:

https://www.owasp.org/index.php/OWASP_PHPRBAC_Project

Revamp the following wiki pages following the BRAND Guidelines (https://owasp.org/index.php/Marketing/Resources#tab=BRAND_GUIDELINES). Code for the wiki pages should be delivered in text format (just a Notepad++ text file). If you are using images, please deliver them in JPG format. The entire package should be delivered as a zip file (in case of multiple files).

17. Task 1: Revamp https://www.owasp.org/index.php/OWASP_PHP_Security_Project

18. Task 2: Revamp https://www.owasp.org/index.php/OWASP_RBAC_Project

19. Task 3: Revamp https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

20. Task 4: Revamp https://www.owasp.org/index.php/OWASP_O2_Platform


Latest revision as of 09:17, 10 November 2014

Googlecodeinlogo.JPG

Welcome To OWASP!!

Hi there! If you are a young, fierce and creative youngster looking for action and hacking adventures, this is your place. OWASP is an organization that creates awareness by providing learning tools to programmers and developers on how to code securely and avoid being hacked.

Many of the tasks you will find in this page are about 'hacking' and protecting web applications.

If you want to learn more about web security and how to protect web applications and software from 'evil' hackers, this is a great place to be.

Be sure to read carefully all the rules related to the Google Code-In program and talk to your parents or legal guardian about your participation. We strongly advise you to check the Google Code-in Terms & Conditions (http://www.google-melange.com/gci/document/show/gci_program/google/gci2014/terms_and_conditions).


You can contact us on the OWASP Google Code-in discussion group (https://groups.google.com/forum/#!forum/owasp-gci) or via IRC on freenode (channel #owasp-gci) if you have any questions about the program. The Google Code-in 2014 contest will run from December 1, 2014 to January 19, 2015.

Task Categories

The tasks are grouped into the following categories:

Code: Tasks related to writing or refactoring code.

Documentation/Training: Tasks related to creating/editing documents and helping others learn more

Outreach/Research: Tasks related to community management, outreach/marketing, or studying problems and recommending solutions

Quality Assurance: Tasks related to testing and ensuring code is of high quality

User Interface: Tasks related to user experience research or user interface design and interaction

Participating Projects

You could check the full list of participating projects and suggested tasks in the URL below:

https://www.owasp.org/index.php/GCI2014_Ideas

Mentors

The mentors confirmed for GCI 2014 are:

- Lucas Ferreira

- Shivam Dixit

- Azzeddine Ramrami

- Alessandro Secco

- Abraham Aranguren

- Kevin Wall

- Simon Bennetts

- Fabio Cerullo

- Mateo Martinez

- Ramana Subramanyam

- Aalekh Nigam

- Cornel Punga

- Cosmin Stefan

- Rauf Butt

- Pulasthi Mahawithana

Org Admin

- Kate Hartmann

- Fabio Cerullo