[Owasp-leaders] Javascript required for OWASP page?

dinis cruz dinis.cruz at owasp.org
Wed Jan 19 11:04:40 EST 2011


I think we should have a competion to see who can hack the owasp.org
website :)

The price would be a fully paid (travel+accomodation) ticket to the
Summit

Extra kudos points would be given for gaining root on the owasp.org
server

Anybody on this list have the cycles to organize this?

Dinis Cruz

On 19 Jan 2011, at 15:59, Vlatko Kosturjak <kost at linux.hr> wrote:

> On 01/19/2011 04:50 PM, dinis cruz wrote:
>> It shows that owasp.org is in the same 'shape' as 90% of the websites
>> out there.
>>
>> There is a O2 module that shows all the Javascript (files and inline)
>> code that is loaded by an owasp.org page (it is quite a list)
>>
>> Maybe a good working session for the summit would be to consolidate
>> all owasp.org javascripts and add CSP to it
>>
>> In fact we should have a 'hack owasp.org and mediawiki' competition
>> at
>> the Summit ....... :) :) :)
>
> Especially to find bugs like this (as mediawiki is in PHP):
> http://gregorkopf.de/slides_berlinsides_2010.pdf
>
> Kost


More information about the OWASP-Leaders mailing list