[Owasp-leaders] Assistance with Training

Milton Smith milton.smith at owasp.org
Fri Aug 11 15:12:26 UTC 2017


Hi Laura,

Someone is running a CTF for OWASP at AppSecUSA.  Not sure who that is but I’m sure someone on the list listening can provide a name.  For ideas on how a CTF works there’s a blog by a group that helped host a CTF at a previous DEFCON event.  Describes how the event is organized.
https://blog.legitbs.net/2016/04/what-is-capture-flag.html <https://blog.legitbs.net/2016/04/what-is-capture-flag.html>

For some ideas about vulnerable sites you can take a look at projects like WebGoat and Hackmebank for ideas.  The only thing about these sources is that people that participate in CTF’s often will very likely have some experience with them.  Of course, maybe you can change them up and make a few additions.
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project <https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project>
https://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx <https://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx>

The challenge seems like a constructing a sample vulnerable site that tells a story participants have not seen before along with an architecture that isolates competitors from each other.  Don’t want one player crashing the system of another, leaving bypassed security controls(free points), etc.  

Regards,
Milton Smith


> On Aug 10, 2017, at 3:26 PM, Laura Bigram <laura.bigram at owasp.org> wrote:
> 
> Good Day All
> 
> I was recently asked by a branch of the government of Trinidad to create a CTF type event in web application security. The target audience are students ages 15 to 20 who have basic programming skills.
> 
> If anyone has done anything similar and has materials or any advice, it is welcomed.
> 
> Thank you
> Laura
> Chapter Leader of Trinidad and Tobago
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170811/493239db/attachment.html>


More information about the OWASP-Leaders mailing list