[Owasp-leaders] Javascript required for OWASP page?

Steven van der Baan steven.van.der.Baan at owasp.org
Wed Jan 19 15:22:51 EST 2011


The CTF project is designed to be a bounty program, but then targeted at
conferences to add a small competition/fun fact to the days. A possibility
is to add some of these challenges to the server Dinis is referring to.

Regards,
Steven.

On 19 January 2011 18:40, dinis cruz <dinis.cruz at owasp.org> wrote:

> Sweet, so Michael, since you have direct access to a company that is
> already doing this, can you help to set this up for OWASP? (let's start with
> the Summit as a first step)
>
> Note that before we push this live, an OWASP board vote will be required
>
> Dinis Cruz
>
> On 19 Jan 2011, at 17:35, Michael Coates <michael.coates at owasp.org> wrote:
>
> We will be discussing considerations for bug bounty programs / hack
> competitions during the Enterprise Web Defense Roundtable.  I recommend
> interested people to attend.
>
> *Objectives*
>
>    1. What techniques are effective for scaling web security within a
>    large company?
>    2. Strategies for developer education that work?
>    3. Automated defenses - what techniques are currently in use?
>    4. *Benefits/considerations for using bounty programs*
>    5. What can OWASP build or develop to assist with enterprise wide
>    application security?
>
>
> http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session068
>
> Michael Coates
> OWASP
>
> On Jan 19, 2011, at 8:04 AM, dinis cruz wrote:
>
> I think we should have a competition to see who can hack the owasp.org
> website :)
>
> The prize would be a fully paid (travel+accommodation) ticket to the
> Summit
>
> Extra kudos points would be given for gaining root on the owasp.org
> server
>
> Anybody on this list have the cycles to organize this?
>
> Dinis Cruz
>
> On 19 Jan 2011, at 15:59, Vlatko Kosturjak <kost at linux.hr> wrote:
>
> On 01/19/2011 04:50 PM, dinis cruz wrote:
>
> It shows that owasp.org is in the same 'shape' as 90% of the websites
> out there.
>
> There is an O2 module that shows all the Javascript (files and inline)
> code that is loaded by an owasp.org page (it is quite a list)
>
> Maybe a good working session for the summit would be to consolidate
> all owasp.org javascripts and add CSP to it
>
> In fact we should have a 'hack owasp.org and mediawiki' competition at
> the Summit ....... :) :) :)
>
>
> Especially to find bugs like this (as mediawiki is in PHP):
>
> http://gregorkopf.de/slides_berlinsides_2010.pdf
>
>
> Kost
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders