[Global_education_committee] OWASP Secure Coding Competition

Mark Bristow mark.bristow at owasp.org
Thu Dec 23 09:05:28 EST 2010


Doubt it will be ready by then.

-Mark

On Dec 23, 2010, at 1:05 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> So are we going to run the first edition of this at the Summit? :)
> 
> Dinis Cruz
> 
> On 23 December 2010 01:51, Mark Bristow <mark.bristow at owasp.org> wrote:
> Yes I will be there
> 
> 
> On Wed, Dec 22, 2010 at 7:52 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
> Thank you Mark. Will you be at the summit? 
> 
> Kuai
> 
> On Dec 22, 2010, at 7:38 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
> 
>> I just managed to get this set up.  Here's a link to the project.
>> 
>> http://www.owasp.org/index.php/OWASP_Secure_the_Flag_Competition_Project#tab=Project_About
>> 
>> Work in earnest will likely start in January.
>> 
>> -Mark
>> 
>> On Wed, Nov 24, 2010 at 5:47 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>> On Nov 24, 2010, at 5:41 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>> 
>>> It's actually on my netbook, in another state right now.  I plan to get it to Paulo Monday and get the official page up.  I'll link this thread when that is done.
>> 
>> Great!
>> 
>>> 
>>> I wouldn't go selling it yet, it's just a project idea, but some of the guys who helped build the AppSecDC CTF and I have been kicking this around for a few months.  I think we have a good outline for a scoring system and for an initial set of requirements (the challenge here is that you have to come up with whole new requirements sets for every competition as once they are released they can't be re-used).  
>> 
>> Yes, once it is solid, it would be a great event/project to sell to universities. I can see other universities wanting to contribute to such project/event - CSAW at NYU-Poly is a good example.
>> 
>>> 
>>> -Mark
>>> 
>>> On Wed, Nov 24, 2010 at 5:33 PM, kuai hinojosa <kuai.hinojosa at owasp.org> wrote:
>>> These are great ideas! Mark, can you provide a link to your plan? We need to be able to sell this to EDU supporters as we talk to them.
>>> 
>>> Kuai
>>> 
>>> On Nov 24, 2010, at 5:29 PM, Mark Bristow <mark.bristow at owasp.org> wrote:
>>> 
>>>> Fabio,
>>>> 
>>>> Funny you should be mentioning this.  I've been working with the projects committee to set up a competition just like this (in fact I have a baseline spec done and have started working an implementation plan).
>>>> 
>>>> My concept was to provide developers requirements a few days ahead of the competition and provide a cloud based VM.  The entrants would then get those days (say 5) to develop a basic web application based on the requirements.  For each feature implemented, they get a set amount of points, some features are required and some are more risky than others.  Then we have a team of pen-testers attack the applications for a fixed period of time (same team works on all apps, and same amount of time to be fair).  For every vulnerability the testers find, points are deducted.  Team with the best score at the end of the competition wins.
>>>> 
>>>> Not sure if it's an exact overlap, but may combine the "fun" of a CTF with a developer/secure coding spin.  I'm calling it Secure the Flag.
>>>> 
>>>> I think we could easily build in a "tournament" type system and have regional/global winners.  My initial thought was to take this competition to developer conferences (like Java One) and offer prizes, but your model could work too.
>>>> 
>>>> -Mark
>>>> 
>>>> On Wed, Nov 24, 2010 at 5:11 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>> Hi Wong,
>>>> 
>>>> Nice meeting you at DC! Following up our conversation about a secure coding competition let's do a bit of brainstorming so we have a clear roadmap to present at the Summit.
>>>> 
>>>> Basically the idea is:
>>>> 
>>>> - To organize regional competitions across Asia, EU, America, Latin America following the same model as the one Cecil Su from OWASP used in Singapore.
>>>> - The format would be: 3 day event where teams from universities and higher learning education institutes are asked to code an application in a secure fashion.
>>>> - The criteria for judging is based both on the functionality of the application as well as the security aspects (ie. how many vulnerabilities are discovered).
>>>> - Winners of each region will go into an international competition that could be held at one of the major OWASP Appsec conferences.
>>>> - Commercial firms could be sponsors/judges of the competition.
>>>> - OWASP being a central part as judge panel/organizer.
>>>> 
>>>> I'm including Jeff Williams and the OWASP Global Education Committee in this mail as they are very keen to engage with educational institutions.
>>>> 
>>>> Thanks,
>>>> 
>>>> Fabio
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Global_education_committee mailing list
>>>> Global_education_committee at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/global_education_committee
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> Mark Bristow
>>>> 
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> AppSec DC 2010 Organizer - https://www.appsecdc.org
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> 
>> 
>> 
>> -- 
>> Mark Bristow
>> (703) 596-5175
>> mark.bristow at owasp.org
>> 
>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>> AppSec DC Organizer - https://www.appsecdc.org
>> 
> 
> 
> 
> 
> 