[Owasp-leaders] Hack OWASP.org as a pre/during Summit Competition

Harisfazillah Jamel linuxmalaysia at gmail.com
Wed Jan 26 08:13:12 EST 2011


I disagree using hacking to find vulnerabilities, as a way of promoting.

It's hard to find a contest that relate to hardening of server and
application or making codes better as part of a contest. We already
expose OWASP members with many ways of finding vulnerabilities. Lets
we balance with how to defense ourself from attack.

For example. We ask the contestant to fixed problem with all the
vulnerabilities listed and make report on the effort.

Or we can balance both. They find the vulnerabilities and do the
reports on how to fix it.

Haris ....

On Wed, Jan 26, 2011 at 6:18 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
> This practice is starting to be quite common these days. Google, Microsoft,
> Mozilla (and others) have similar arrangements.
> But you raise good questions, and we should have answers for it on an FAQ
> (Loredana can you add an FAQ to that page (here is a good template
> http://www.owasp.org/index.php/Summit_2011_FAQ))

More information about the OWASP-Leaders mailing list