[Global_education_committee] OWASP Secure Coding Competition

dinis cruz dinis.cruz at owasp.org
Thu Dec 23 02:05:06 EST 2010


So are we going to run the first edition of this at the Summit? :)

Dinis Cruz

On 23 December 2010 01:51, Mark Bristow <mark.bristow at owasp.org> wrote:

> Yes I will be there
>
>
> On Wed, Dec 22, 2010 at 7:52 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>
>> Thank you Mark. Will you be at the summit?
>>
>> Kuai
>>
>> On Dec 22, 2010, at 7:38 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>
>> I just managed to get this set up.  Here's a link to the project.
>>
>> http://www.owasp.org/index.php/OWASP_Secure_the_Flag_Competition_Project#tab=Project_About
>>
>> Work in earnest will likely start in January.
>>
>> -Mark
>>
>> On Wed, Nov 24, 2010 at 5:47 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>>
>>> On Nov 24, 2010, at 5:41 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>
>>> It's actually on my netbook, in another state right now.  I plan to get
>>> it to Paulo Monday and get the official page up.  I'll link this thread when
>>> that is done.
>>>
>>>
>>> Great!
>>>
>>>
>>> I wouldn't go selling it yet, it's just a project idea, but some of the
>>> guys who helped build the AppSecDC CTF and I have been kicking this around
>>> for a few months.  I think we have a good outline for a scoring system and
>>> for an initial set of requirements (the challenge here is that you have to
>>> come up with whole new requirements sets for every competition as once they
>>> are released they can't be re-used).
>>>
>>>
>>> Yes, once it is solid, it would be a great event/project to sell to
>>> universities. I can see other universities wanting to contribute to such
>>> project/event - CSAW at NYU-Poly is a good example.
>>>
>>>
>>> -Mark
>>>
>>> On Wed, Nov 24, 2010 at 5:33 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>>>
>>>> These are great ideas! Mark, can you provide a link to your plan? We need
>>>> to be able to sell this to EDU supporters as we talk to them.
>>>>
>>>> Kuai
>>>>
>>>> On Nov 24, 2010, at 5:29 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>>>
>>>> Fabio,
>>>>
>>>> Funny you should be mentioning this.  I've been working with the
>>>> projects committee to set up a competition just like this (in fact I have a
>>>> baseline spec done and have started working an implementation plan).
>>>>
>>>> My concept was to provide developers requirements a few days ahead of
>>>> the competition and provide a cloud based VM.  The entrants would then get
>>>> those days (say 5) to develop a basic web application based on the
>>>> requirements.  For each feature implemented, they get a set amount of
>>>> points, some features are required and some are more risky than others.
>>>> Then we have a team of pen-testers attack the applications for a fixed
>>>> period of time (same team works on all apps, and same amount of time to be
>>>> fair).  For every vulnerability the testers find, points are deducted.  Team
>>>> with the best score at the end of the competition wins.
>>>>
>>>> Not sure if it's an exact overlap, but may combine the "fun" of a CTF
>>>> with a developer/secure coding spin.  I'm calling it Secure the Flag.
>>>>
>>>> I think we could easily build in a "tournament" type system and have
>>>> regional/global winners.  My initial thought was to take this competition to
>>>> developer conferences (like Java One) and offer prizes, but your model could
>>>> work too.
>>>>
>>>> -Mark
>>>>
>>>> On Wed, Nov 24, 2010 at 5:11 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>>
>>>>> Hi Wong,
>>>>>
>>>>> Nice meeting you at DC! Following up our conversation about a secure
>>>>> coding competition let's do a bit of brainstorm so we have a clear roadmap
>>>>> to present at the Summit.
>>>>>
>>>>> Basically the idea is:
>>>>>
>>>>> - To organize regional competitions across Asia, EU, America, Latin
>>>>> America following the same model as the one Cecil Su from OWASP used in
>>>>> Singapore.
>>>>> - The format would be: 3 day event where teams from universities and
>>>>> higher learning education institutes are asked to code an application in a
>>>>> secure fashion.
>>>>> - The criteria for judging is based both on the functionality of the
>>>>> application as well as the security aspects (ie. how many vulnerabilities
>>>>> are discovered).
>>>>> - Winners of each region will go into an international competition that
>>>>> could be held at one of the major OWASP Appsec conferences.
>>>>> - Commercial firms could be sponsors/judges of the competition.
>>>>> - OWASP being a central part as judge panel/organizer.
>>>>>
>>>>> I'm including Jeff Williams and the OWASP Global Education Committee in
>>>>> this mail as they are very keen to engage with educational institutions.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Fabio
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Global_education_committee mailing list
>>>>> Global_education_committee at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/global_education_committee
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Mark Bristow
>>>>
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> AppSec DC 2010 Organizer - https://www.appsecdc.org
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>>
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org
>>
>>
>
>
>
>
>
>