[Global_education_committee] OWASP Secure Coding Competition

Mark Bristow mark.bristow at owasp.org
Wed Dec 22 19:38:05 EST 2010


I just managed to get this set up.  Here's a link to the project.

http://www.owasp.org/index.php/OWASP_Secure_the_Flag_Competition_Project#tab=Project_About

Work in earnest will likely start in January.

-Mark

On Wed, Nov 24, 2010 at 5:47 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:

> On Nov 24, 2010, at 5:41 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>
> It's actually on my netbook, in another state right now.  I plan to get it
> to Paulo Monday and get the official page up.  I'll link this thread when
> that is done.
>
>
> Great!
>
>
> I wouldn't go selling it yet, it's just a project idea, but some of the
> guys who helped build the AppSecDC CTF and I have been kicking this around
> for a few months.  I think we have a good outline for a scoring system and
> for an initial set of requirements (the challenge here is that you have to
> come up with whole new requirements sets for every competition as once they
> are released they can't be re-used).
>
>
> Yes, once it is solid, it would be a great event/project to sell to
> universities. I can see other universities wanting to contribute to such
> project/event - CSAW at NYU-Poly is a good example.
>
>
> -Mark
>
> On Wed, Nov 24, 2010 at 5:33 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>
>> These are great ideas! Mark, can you provide a link to your plan? We need
>> to be able to sell this to EDU supporters as we talk to them.
>>
>> Kuai
>>
>> On Nov 24, 2010, at 5:29 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>
>> Fabio,
>>
>> Funny you should be mentioning this.  I've been working with the projects
>> committee to set up a competition just like this (in fact I have a baseline
>> spec done and have started working an implementation plan).
>>
>> My concept was to provide developers requirements a few days ahead of the
>> competition and provide a cloud based VM.  The entrants would then get those
>> days (say 5) to develop a basic web application based on the requirements.
>> For each feature implemented, they get a set amount of points, some features
>> are required and some are more risky than others.  Then we have a team of
>> pen-testers attack the applications for a fixed period of time (same team
>> works on all apps, and same amount of time to be fair).  For every
>> vulnerability the testers find, points are deducted.  Team with the best
>> score at the end of the competition wins.
>>
>> Not sure if it's an exact overlap, but may combine the "fun" of a CTF with
>> a developer/secure coding spin.  I'm calling it Secure the Flag.
>>
>> I think we could easily build in a "tournament" type system and have
>> regional/global winners.  My initial thought was to take this competition to
>> developer conferences (like Java One) and offer prizes, but your model could
>> work too.
>>
>> -Mark
>>
>> On Wed, Nov 24, 2010 at 5:11 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>>> Hi Wong,
>>>
>>> Nice meeting you at DC! Following up on our conversation about a secure
>>> coding competition, let's do a bit of brainstorming so we have a clear roadmap
>>> to present at the Summit.
>>>
>>> Basically the idea is:
>>>
>>> - To organize regional competitions across Asia, EU, America, Latin
>>> America following the same model as the one Cecil Su from OWASP used in
>>> Singapore.
>>> - The format would be: 3 day event where teams from universities and
>>> higher learning education institutes are asked to code an application in a
>>> secure fashion.
>>> - The criteria for judging are based both on the functionality of the
>>> application as well as the security aspects (i.e. how many vulnerabilities
>>> are discovered).
>>> - Winners of each region will go into an international competition that
>>> could be held at one of the major OWASP Appsec conferences.
>>> - Commercial firms could be sponsors/judges of the competition.
>>> - OWASP being a central part as judge panel/organizer.
>>>
>>> I'm including Jeff Williams and the OWASP Global Education Committee in
>>> this mail as they are very keen to engage with educational institutions.
>>>
>>> Thanks,
>>>
>>> Fabio
>>>
>>>
>>> _______________________________________________
>>> Global_education_committee mailing list
>>> Global_education_committee at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/global_education_committee
>>>
>>>
>>
>>
>> --
>> Mark Bristow
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> AppSec DC 2010 Organizer - https://www.appsecdc.org
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>
>
>
> --
> Mark Bristow
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> AppSec DC 2010 Organizer - https://www.appsecdc.org
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org