[Owasp-portuguese] Fwd: [Owasp-leaders] Hack OWASP.org as a pre/during Summit Competition

Carlos Serrão carlos.serrao at iscte.pt
Wed Jan 26 05:46:05 EST 2011


Caros membros,
aqui está um desafio interessante...

Com os melhores cumprimentos.

Begin forwarded message:

> From: dinis cruz <dinis.cruz at owasp.org>
> Date: 26 de Janeiro de 2011 08:41:53 WET
> To: Loredana Mancini <loredana.mancini at business-e.it>, owasp-leaders at lists.owasp.org
> Cc: owasp-leaders-bounces at lists.owasp.org, Mancini Lucilla <Lucilla.Mancini at business-e.it>
> Subject: [Owasp-leaders] Hack OWASP.org as a pre/during Summit Competition
> Reply-To: owasp-leaders at lists.owasp.org
> 
> Loredana has taken the lead on this one and created the page http://www.owasp.org/index.php/Summit_2011/Competition/Hack_OWASP.ORG with details about this competition (she will also be the main point of contact for this competition)
> 
> Before I submit this to the OWASP board for vote, can you please take a look and chip in with your ideas (for example I think that the scope should include offline MediaWiki exploits/vulns and the competition should also continue during the Summit (we are going to set up a 'hacking room' just like we did at the last Summit (we need to think about the prices for the vulns discovered during the Summit))
> 
> Dinis Cruz
> 
> 
> On 21 January 2011 11:02, Loredana Mancini <loredana.mancini at business-e.it> wrote:
> Hi all,
> 
>  
> I would like to pick up this task, and step forward to organise it if you think it still interesting, bye Loredana.
> 
> 
> -----Messaggio originale-----
> Da: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] Per conto di dinis cruz
> Inviato: mercoledì 19 gennaio 2011 17.05
> A: Vlatko Kosturjak
> Cc: owasp-leaders at lists.owasp.org
> Oggetto: Re: [Owasp-leaders] Javascript required for OWASP page?
> 
> I think we should have a competion to see who can hack the owasp.org
> website :)
> 
> The price would be a fully paid (travel+accomodation) ticket to the
> Summit
> 
> Extra kudos points would be given for gaining root on the owasp.org
> server
> 
> Anybody on this list have the cycles to organize this?
> 
> Dinis Cruz
> 
> On 19 Jan 2011, at 15:59, Vlatko Kosturjak <kost at linux.hr> wrote:
> 
> > On 01/19/2011 04:50 PM, dinis cruz wrote:
> >> It shows that owasp.org is in the same 'shape' as 90% of the websites
> >> out there.
> >>
> >> There is a O2 module that shows all the Javascript (files and inline)
> >> code that is loaded by an owasp.org page (it is quite a list)
> >>
> >> Maybe a good working session for the summit would be to consolidate
> >> all owasp.org javascripts and add CSP to it
> >>
> >> In fact we should have a 'hack owasp.org and mediawiki' competition
> >> at
> >> the Summit ....... :) :) :)
> >
> > Especially to find bugs like this (as mediawiki is in PHP):
> > http://gregorkopf.de/slides_berlinsides_2010.pdf
> >
> > Kost
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders



--
Carlos Serrão
ISCTE-IUL/ISTA/DCTI | ADETTI-IUL/NetMuST | PT.OWASP

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-portuguese/attachments/20110126/26c91758/attachment.html 


More information about the Owasp-portuguese mailing list