[Owasp-leaders] Hack OWASP.org as a pre/during Summit Competition

dinis cruz dinis.cruz at owasp.org
Wed Jan 26 03:41:53 EST 2011


Loredana has taken the lead on this one and created the page
http://www.owasp.org/index.php/Summit_2011/Competition/Hack_OWASP.ORG with
details about this competition (she will also be the main point of contact
for this competition)

Before I submit this to the OWASP board for vote, can you please take a look
and chip in with your ideas (for example I think that the scope should
include offline MediaWiki exploits/vulns and the competition should also
continue during the Summit (we are going to set up a 'hacking room' just
like we did at the last Summit (we need to think about the prices for the
vulns discovered during the Summit))

Dinis Cruz


On 21 January 2011 11:02, Loredana Mancini
<loredana.mancini at business-e.it>wrote:

>  Hi all,
>
>
>
> I would like to pick up this task, and step forward to organise it if you
> think it still interesting, bye Loredana.
>
>
> -----Messaggio originale-----
> Da: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org<owasp-leaders-bounces at lists.owasp.org>]
> Per conto di dinis cruz
> Inviato: mercoledì 19 gennaio 2011 17.05
> A: Vlatko Kosturjak
> Cc: owasp-leaders at lists.owasp.org
> Oggetto: Re: [Owasp-leaders] Javascript required for OWASP page?
>
> I think we should have a competion to see who can hack the owasp.org
> website :)
>
> The price would be a fully paid (travel+accomodation) ticket to the
> Summit
>
> Extra kudos points would be given for gaining root on the owasp.org
> server
>
> Anybody on this list have the cycles to organize this?
>
> Dinis Cruz
>
> On 19 Jan 2011, at 15:59, Vlatko Kosturjak <kost at linux.hr> wrote:
>
> > On 01/19/2011 04:50 PM, dinis cruz wrote:
> >> It shows that owasp.org is in the same 'shape' as 90% of the websites
> >> out there.
> >>
> >> There is a O2 module that shows all the Javascript (files and inline)
> >> code that is loaded by an owasp.org page (it is quite a list)
> >>
> >> Maybe a good working session for the summit would be to consolidate
> >> all owasp.org javascripts and add CSP to it
> >>
> >> In fact we should have a 'hack owasp.org and mediawiki' competition
> >> at
> >> the Summit ....... :) :) :)
> >
> > Especially to find bugs like this (as mediawiki is in PHP):
> > http://gregorkopf.de/slides_berlinsides_2010.pdf
> >
> > Kost
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110126/8c1135d1/attachment.html 


More information about the OWASP-Leaders mailing list