This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP University Challenge

Revision as of 14:27, 7 July 2016 by Ivan Buetler (talk | contribs) (Presentation)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
OWASP Project Header.jpg

OWASP University Challenge

The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …).

  • There is no admission fee for the University Challenge – participation in the conference is possible for free.
  • During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework.
  • The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university.
  • All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list.
  • All team members must be registered. Registration for the University Challenge event is free.
  • Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).


The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days! University / Student teams can compete solving hack challenges and defending insecure applications.

Attack-Defense System

The challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: CTF System

What is the OWASP UC?


The AppSec conference should take care of:

  • Venue / rooms during the conference training days
  • Feed the students
  • Local pr / announcements at local Universities


Project Leader

Ivan Buetler

Mateo Martinez

Related Projects

OWASP Student Chapters Program

Quick Download

News and Events

In Print


Owasp-incubator-trans-85.png Owasp-builders-small.png
Project Type Files CODE.jpg

Conference Organisation:

  • Announcement
  • Room / Space for the University Challenge
    • Internet connection
    • Video projector (scoring/ranking)
    • Power and extensions
  • Outreach to the local Universities
  • Sponsor for winner prizes
  • Winner announcement during the main track / (before) end of the conference


During the two training days

  • challenges will be organized together with Hacking-Lab
  • Hardware (challenge server) come from Hacking-Lab
  • Hardware (wilreless routers) come form the Education Committee


  • Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students
  • Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference
  • It is recommended to give the University Challenge teams free entrance to the conference


We could need the conference organization team to help finding sponsors for the prices.

Previous events:

Ticket winning" pre-conference challenges:

-> option for conference to offer free tickets via solving Hacking-Lab challenges -> qualifying for UC? -> Team qualifying

   Q1: When typically has the event run at AppSec, during the training days or during conference proper?
   A1: The UC is normally hosted during the training days
   Q2: What size of room or seating capacity has typically been used?
   A2: Depending to the PR and number of teams (teams have a max of 8 members)
   Q3: What prizes are usually awarded?
   A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning
   Q4: Do the teams  have free conference access?
   A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.
   There are no entrance / attendance fees charged previously
   The attendees usually get free access to the conference (because they travel from foreign countries too) 


The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.

About Hacking-Lab

Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents.

Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.

Learn more about:

  • University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)
What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP University Challenge (home page)
Purpose: As first time organized at the OWASP AppSec-US 2011 in Minneapolis, this project is to enable "attack & defend" challenges.

First, at OWASP AppSec conferences, later also to enable this outside AppSec conferences.

License: Creative Commons Attribution ShareAlike 3.0 License
who is working on this project?
Project Leader(s):
  • Ivan Buetler @
  • Mateo Martinez @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Ivan Buetler @ to contribute to this project
  • Contact Ivan Buetler @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases