This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Code Kids 2015 Ideas

From OWASP
Revision as of 08:31, 8 November 2014 by A V Minhaz (talk | contribs) (Task 5-6: Create screencast on how to deploy both version of CSRF Protector individually)

Jump to: navigation, search

Task Categories

The tasks are grouped into the categories described below. Please make sure each task is assigned a category.

Code: Tasks related to writing or refactoring code.

Documentation/Training: Tasks related to creating/editing documents and helping others learn more

Outreach/Research: Tasks related to community management, outreach/marketing, or studying problems and recommending solutions

Quality Assurance: Tasks related to testing and ensuring code is of high quality

User Interface: Tasks related to user experience research or user interface design and interaction

OWASP ZAP

OWASP ZAP Task 1

Brief Explanation:

Task description

Task Category:

Eg. Code Category

Expected Results:

Describe the expected results of the task

Knowledge Prerequisites:

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

Mentors: XXXXXX

OWASP OWTF

OWASP OWTF Task 1

Brief Explanation:

Task description

Task Category:

Eg. Code Category

Expected Results:

Describe the expected results of the task

Knowledge Prerequisites:

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

Mentors: XXXXXX

OWASP WIKI

Brief Explanation:

Design a new logo for the Latam Tour 2015. The logo must resemble previous editions of the Tour and represent the Latin America region. It would be better if the new logo is based on the OWASP logo. As a reference, here is the Latam Tour 2014 Logo:

OWASP_Latam_Tour_Logo_2014.png

Task Category:

Design

Expected Results:

Latam Tour 2015 logo in either psd or jpeg format.

Knowledge Prerequisites:

Familiarity with Photoshop/GIMP or any other designing software.

Mentors: Fabio Cerullo

OWASP WebGoatPHP

Task 1: Implement "remember me" feature

Brief Explanation:

Implement a secure "Remember me" feature in user login form using cookies. At present the remember me check box is present in the form but it does nothing.

Task Category:

Code

Expected Results:

If user checks the "remember me" check box when logging in, then the user will not be required to login every time he visits the application within X days.

Knowledge Prerequisites:

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

Reference:

https://github.com/shivamdixit/WebGoatPHP/issues/45

Code:

app/control/user/login.php

Mentors: Shivam Dixit


Task 2: Make workshop mode dashboard responsive

Brief Explanation:

In workshop mode of the application, the side panel of admin dashboard is not responsive i.e it does not fits well in smaller size screen resolutions. If the screen size is small the side panel should shrink into a smaller panel preferably at the bottom of the application.

Task Category:

Code

Expected Results:

Panel perfectly adjusts on small screen resolutions.

Knowledge Prerequisites:

CSS (media queries), HTML

Reference:

https://github.com/shivamdixit/WebGoatPHP/issues/26

Code:

style/dashboard.css

Mentors: Shivam Dixit


Brief Explanation:

Design a new logo for the application. The logo must resemble various aspects of the application. It would be better if the new logo is based on the OWASP logo.

Task Category:

Design

Expected Results:

WebGoatPHP logo in either psd or jpeg format.

Knowledge Prerequisites:

Familiarity with Photoshop/GIMP or any other designing software.

Mentors: Shivam Dixit

Task 4: WebGoatPHP deployment screencast

Brief Explanation:

Deploy the application on the local server without using vagrant and record a screencast of the process. Upload to a video streaming service and comment link on the melange for mentor to review.

Task Category:

Code

Expected Results:

The screencast should clearly contain all the steps required for the deployment and how to troubleshoot most common errors in the whole process.

Knowledge Prerequisites:

Familiarity with an operating system (Linux/Windows)

Mentors: Shivam Dixit


Task 5: Create a SQL injection challenge

Brief Explanation:

Single user mode of WebGoatPHP consist of set of challenges. These challenges simulate various real world security vulnerabilities in web applications. You have to add a challenge under category "Injection Attacks" which simulates a SQL injection vulnerability in single user mode. The input data must be of type string and the challenge should mimic some real world scenario.

Task Category:

Code

Expected Results:

A challenge which helps user understand SQLi vulnerability by allowing him to exploit the vulnerability.

Knowledge Prerequisites:

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

Reference:

https://www.owasp.org/index.php/SQL_Injection

https://github.com/shivamdixit/WebGoatPHP/blob/master/README.md#adding-a-lessonchallenge

Mentors: Shivam Dixit


Task 6-20: WebGoatPHP challenges screencast series

Brief Explanation:

In this task you are required to record screencast of how to solve a particular single user mode challenge. The screencast should start by providing an overview of the vulnerability that will be exploited, then step by step instructions on how to exploit the vulnerability. The screencast should conclude on a note that how to avoid this vulnerability in your application. The length of the screencast would vary according to the challenge but it should neither be too long nor too short.

Task - Screencast of challenge.....

Task 6 - HTTP Basic

Task 7 - Using Access Control Matrix

Task 8 - Business Layer Access Control

Task 9 - Path Based Access Control

Task 10 - Same Origin Policy Protection

Task 11 - Forgot Password

Task 12 - Discover clues in HTML

Task 13 - JS Obfuscation

Task 14 - XSS 1 (Reflected)

Task 15 - XSS 2 (Stored)

Task 16 - XSS 3 (DOM)

Task 17 - Fail Open Authentication

Task 18 - Log Spoofing

Task 19 - Numeric SQL Injection

Task 20 - XPATH injection

Task Category:

Code

Expected Results:

A screencast explaining the vulnerability involved in a particular challenge.

Knowledge Prerequisites:

Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities.

Mentors: Shivam Dixit

OWASP CSRF Protector

Brief Explanation:

Design logos for the for CSRF Protector Project, possibly two versions one for php library and another one for Apache module. Both of them should resemble OWASP logo.

Task Category:

Design

Expected Results:

OWASP CSRF Protector logo in either psd or jpeg format.

Knowledge Prerequisites:

Familiarity with Photoshop/GIMP or any other designing software.

Mentors: Minhaz

Task 3: Porting CSRF Protector PHP Wiki (from Github) to OWASP Wiki

Brief Explanation:

Currently we have wiki on how to use and deploy, at github. The task is to port them to OWASP Wiki as well so that it can be accessed directly.

Task Category:

Documentation

Expected Results:

Wiki for CSRF Protector php library in OWASP.ORG .

Knowledge Prerequisites:

Familiarity with wiki. Reference Github wiki for CSRF Protector php Mentors: Minhaz

Task 4: Porting mod_csrfprotector Wiki (from Github) to OWASP Wiki

Brief Explanation:

Currently we have wiki on how to use and deploy, at github. The task is to port them to OWASP Wiki as well so that it can be accessed directly.

Task Category:

Documentation

Expected Results:

Wiki for mod_csrfprotector library in OWASP.ORG .

Knowledge Prerequisites:

Familiarity with wiki. References' Github wiki for mod_csrfprotector

Mentors: Minhaz

Task 5-6: Create screencasts on how to deploy both version of CSRF Protector individually

Brief Explanation:

Create two screencasts, one for each, which explains how to deploy CSRF Protector in your existing web application.

Task Category:

Screencast

Expected Results:

Screencasts explaining how to use CSRF Protector with existing web applications.

Knowledge Prerequisites:

Experience with php, HTML, and Apache (for mod_csrfprotector)


Mentors: Minhaz