[Owasp-leaders] Assistance with Training

Ivan Buetler ivan.buetler at owasp.org
Fri Aug 11 15:29:47 UTC 2017


Hi all,

I am providing a full fledged CTF (jeopardy style and attack/defense) @ several AppSec EU the last couple of years. It’s called “University Challenge”. 
Steven van der Baan is running another CTF
Martin Knobloch is aware of them. 

Cheers
Ivan

Ivan Buetler
ivan.buetler at owasp.org



On 11 Aug 2017, at 17:12, Milton Smith <milton.smith at owasp.org> wrote:

Hi Laura,

Someone is running a CTF for OWASP at AppSecUSA.  Not sure who that is but I’m sure someone on the list listening can provide a name.  For ideas on how a CTF works there’s a blog by a group that helped host a CTF at a previous DEFCON event.  Describes how the event is organized.
https://blog.legitbs.net/2016/04/what-is-capture-flag.html

For some ideas about vulnerable sites you can take a look at projects like WebGoat and Hackmebank for ideas.  The only thing about these sources is that people that participate in CTF’s often will very likely have some experience with them.  Of course, maybe you can change them up and make a few additions.
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
https://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx

The challenge seems like a constructing a sample vulnerable site that tells a story participants have not seen before along with an architecture that isolates competitors from each other.  Don’t want one player crashing the system of another, leaving bypassed security controls(free points), etc.  

Regards,
Milton Smith


> On Aug 10, 2017, at 3:26 PM, Laura Bigram <laura.bigram at owasp.org> wrote:
> 
> Good Day All
> 
> I was recently asked by a branch of the government of Trinidad to create a CTF type event in web application security. The target audience are students ages 15 to 20 who have basic programming skills.
> 
> If anyone has done anything similar and has materials or any advice, it is welcomed.
> 
> Thank you
> Laura
> Chapter Leader of Trinidad and Tobago
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list