[Global_education_committee] OWASP Secure Coding Competition

Mark Bristow mark.bristow at owasp.org
Wed Dec 22 20:51:46 EST 2010


Yes I will be there

On Wed, Dec 22, 2010 at 7:52 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:

> Thank you Mark. Will you be at the summit?
>
> Kuai
>
> On Dec 22, 2010, at 7:38 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>
> I just managed to get this set up.  Here's a link to the project.
>
> http://www.owasp.org/index.php/OWASP_Secure_the_Flag_Competition_Project#tab=Project_About
>
> Work in earnest will likely start in January.
>
> -Mark
>
> On Wed, Nov 24, 2010 at 5:47 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>
>> On Nov 24, 2010, at 5:41 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>
>> It's actually on my netbook, in another state right now.  I plan to get it
>> to Paulo Monday and get the official page up.  I'll link this thread when
>> that is done.
>>
>>
>> Great!
>>
>>
>> I wouldn't go selling it yet, it's just a project idea, but some of the
>> guys who helped build the AppSecDC CTF and I have been kicking this around
>> for a few months.  I think we have a good outline for a scoring system and
>> for an initial set of requirements (the challenge here is that you have to
>> come up with whole new requirements sets for every competition as once they
>> are released they can't be re-used).
>>
>>
>> Yes, once it is solid, it would be a great event/project to sell to
>> universities. I can see other universities wanting to contribute to such
>> project/event - CSAW at NYU-Poly is a good example.
>>
>>
>> -Mark
>>
>> On Wed, Nov 24, 2010 at 5:33 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>>
>>> These are great ideas! Mark can you provide a link to your plan? We need
>>> to be able to sell this to EDU supporters as we talk to them.
>>>
>>> Kuai
>>>
>>> On Nov 24, 2010, at 5:29 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>
>>> Fabio,
>>>
>>> Funny you should be mentioning this.  I've been working with the projects
>>> committee to set up a competition just like this (in fact I have a baseline
>>> spec done and have started working an implementation plan).
>>>
>>> My concept was to provide developers requirements a few days ahead of the
>>> competition and provide a cloud based VM.  The entrants would then get those
>>> days (say 5) to develop a basic web application based on the requirements.
>>> For each feature implemented, they get a set amount of points, some features
>>> are required and some are more risky than others.  Then we have a team of
>>> pen-testers attack the applications for a fixed period of time (same team
>>> works on all apps, and same amount of time to be fair).  For every
>>> vulnerability the testers find, points are deducted.  Team with the best
>>> score at the end of the competition wins.
>>>
>>> Not sure if it's an exact overlap, but may combine the "fun" of a CTF
>>> with a developer/secure coding spin.  I'm calling it Secure the Flag.
>>>
>>> I think we could easily build in a "tournament" type system and have
>>> regional/global winners.  My initial thought was to take this competition to
>>> developer conferences (like Java One) and offer prizes, but your model could
>>> work too.
>>>
>>> -Mark
>>>
>>> On Wed, Nov 24, 2010 at 5:11 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>
>>>> Hi Wong,
>>>>
>>>> Nice meeting you at DC! Following up our conversation about a secure
>>>> coding competition let's do a bit of brainstorm so we have a clear roadmap
>>>> to present at the Summit.
>>>>
>>>> Basically the idea is:
>>>>
>>>> - To organize regional competitions across Asia, EU, America, Latin
>>>> America following the same model as the one Cecil Su from OWASP used in
>>>> Singapore.
>>>> - The format would be: 3 day event where teams from universities and
>>>> higher learning education institutes are asked to code an application in a
>>>> secure fashion.
>>>> - The criteria for judging is based both on the functionality of the
>>>> application as well as the security aspects (i.e. how many vulnerabilities
>>>> are discovered).
>>>> - Winners of each region will go into an international competition that
>>>> could be held at one of the major OWASP Appsec conferences.
>>>> - Commercial firms could be sponsors/judges of the competition.
>>>> - OWASP being a central part as judge panel/organizer.
>>>>
>>>> I'm including Jeff Williams and the OWASP Global Education Committee in
>>>> this mail as they are very keen to engage with educational institutions.
>>>>
>>>> Thanks,
>>>>
>>>> Fabio
>>>>
>>>>
>>>> _______________________________________________
>>>> Global_education_committee mailing list
>>>> Global_education_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_education_committee
>>>>
>>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> AppSec DC 2010 Organizer - https://www.appsecdc.org
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>
>>
>>
>> --
>> Mark Bristow
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> AppSec DC 2010 Organizer - https://www.appsecdc.org
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>
>>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>


-- 
Mark Bristow
(703) 596-5175
mark.bristow at owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org