[Global_education_committee] helloSecure at SG Secure Coding Competition

Cecil Su cecil.su at owasp.org
Fri Nov 26 01:28:18 EST 2010


Dear All,

As indicated by Fabio, I am re-writing this piece again based on what we had
organised sometime last year (this year we had concentrated on a CtF instead
at GovWare 2010 at www.govware.sg).

OWASP SG had supported and co-organized the first national secured coding
competition (together with a government body called CSIT) some time last
year. We wanted to stay away (for a change) from the usual CtF-type of
events as Hack-In-The-Box and SyScan are doing around this region on an
annual basis. We (as in Onn Chee, myself and the folks at CSIT) sat down and
planned for this competition.

There were 11 teams that registered for the competition. One team did not
turn up, another team gave up and walked away 2 hours into the competition.
So we were left with 9 other teams that managed to stay throughout the
entire 2 days of coding.

Selected judges came from various vertical industries - aviation, oil & gas,
financial, retail and academic sectors.

There is also a scoring matrix spreadsheet used by the judges which is
pretty comprehensive and goes down to each individual module and components
built with a score tied to each one.

We had commercial sponsors from Microsoft (for the prizes and OS/Dev Studio
2008/platform), Fortify and Parasoft for their SCAs, and HP (for the
blackbox WebInspect scanner).

While Microsoft provided the OS and development platform, SCAs were used the
night before the final judging announcements to scan and verify the
application builds submitted by the students. WebInspect was also used as a
blackbox to scan for low-hanging fruit (obviously based on the OWASP Top 20
2007 fine-tuned policy at that time).

Attached are the files relating to the competition:

1. The briefing notes - These were the notes used for the briefing; they
are a subset of the official problem specification as we did not want to
reveal too much during the briefing
2. Scoring criteria - This is an add-on to the briefing notes that details
the scoring criteria
3. The official problem specification

In the picture enclosed, I am to the right of the OWASP banner with the first
and second team winners.

Prizes: http://www.aisp.sg/hellosecure/hellosecurePrizes.html
Rules & Regulations:
http://www.aisp.sg/hellosecure/HelloSecureRules_16072009%5B1%5D.pdf
FAQ:
http://www.aisp.sg/hellosecure/FrequentlyAskedQuestions_16072009%5B1%5D.pdf


A small gallery of some shots taken during the competition:
http://www.aisp.sg/hellosecure/photos/pictures.html


Hope this is informational enough to be useful for some of you. Let me know
if you have any queries.
Thanks.

Kind regards,
/cecil.