OWASP Hacking Lab

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP Hacking Lab
OWASP Hacking Lab is providing free remote security (web) challenges and riddles (OWASP TOP 10, OWASP WebGoat, OWASP Hackademics). It differs from other damn vulnerable applications and sites with it's unique teacher application. Every challenge is asking for the vulnerability, exploit and mitigation. Send in your solution and other OWASP volunteers will grade your submission. A system where you can interact with human beings.

Introduction
Currently, there is one challenge, the OWASP TopTen with currently 1164 registered users and +500 solutions send in and verified by the OWASP teachers! The goal is to provide an open and transparent process about the challenges, the teachers and continuously working on extending the available challenges.

Description
Available challenges

OWASP TopTen Hands-On Training


 * Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=245&uk=

OWASP Hackademic Hands-On Training
 * Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=302&uk=

OWASP WebGoat Hands-On Training
 * Free registration: https://www.hacking-lab.com/events/registerform.html?eventid=557&uk=

Licensing
OWASP Hacking Lab is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

What is Hacking Lab
OWASP Hacking Lab provides:


 * OWASP Top 10
 * OWASP WebGoat
 * OWASP Hackademic
 * University Challenges
 * Fun Challenges

Presentation
Link to presentation

Project Leaders
[mailto:ivan.buetler@owasp.org Ivan Buetler]

[mailto:Mateo.Martinez@owasp.org Mateo Martinez]

Related Projects

 * OWASP_CISO_Survey


 * valign="top" style="padding-left:25px;width:200px;" |

Quick Download

 * Link to page/download

News and Events

 * [20 Nov 2013] News 2
 * [30 Sep 2013] News 1

In Print
This project can be purchased as a print on demand book from Lulu.com

Classifications

 * }

=FAQs=

Solution Grading & Evaluation Guidelines for Teachers

 * Always be polite
 * Never ever be unpolite. No matter what comment or question you receive!
 * You are OWASP's interface, behave mature and polite.
 * Comment in positive phrasing
 * E.g. if partially scored has been achieved, congratulate them
 * If the solution contains a good write-up, let them know you appreciate!
 * If they thank you for the event, return the favor e.g. thanks for contributing
 * Teaching and mentoring
 * If a previous suggestion is not understand, try to rephrase
 * No abusive language is permitted
 * If you receive any in a solution, don't 'hit back'
 * See what is causing the frustration, see if you can help is, let Ivan or Martin know

Rating:

 * Understanding the vulnerability is essential
 * If a solution describes the vulnerability, this does scores points.


 * Mitigation scores higher than hacking:
 * We are training security awareness! If mitigation is asked as part of the solution, this scores higher then exploitation
 * Exploiting is essential
 * The exploit has to be proven, but a solution that describes the exploit detailed, this is fine too!
 * Give points when possible
 * If not the complete answer has been supplied, give partial points when possible.
 * Only reject if:
 * there is no solution (e.g. a question asked by the student)
 * the solution is answering the wrong challenge
 * the vulnerability / exploit / mitigation has clearly not been understood


 * Rating example:
 * If you have 10 points to give this is how to divide them:
 * 3 Points for vulnerability description
 * 3 Points for proven exploit
 * 4 Points for complete mitigation description

= Acknowledgements =

Volunteers
OWASP Hacking-Lab is developed by a worldwide team of volunteers. The primary contributors to date have been:


 * Ivan Buetler
 * Martin Knobloch
 * Mateo Martinez

Volunteer Roles

 * Challenge developer
 * Challenge tester
 * LiveCD developer
 * Teachers (solution grading)
 * University Challenge Organizer

= Road Map and Getting Involved =

Involvement in the development and promotion of Hack Lab is actively encouraged! You do not have to be a security expert in order to contribute.

Become an OWASP challenge participant/student

 * Register to a free OWASP Hands-On Training (see tab "Available Challenges")
 * Sign-Up a Hacking-Lab account
 * Prepare your client infrastructure (recommended LiveCD from http://media.hacking-lab.com/)
 * Setup VPN from within your LiveCD
 * Read the challenge description (once registered in the first step)
 * Submit your solution into the HL portal
 * OWASP volunteers will grade your submission

Become an OWASP teacher

 * Solve the challenges as participant/student first
 * Make yourself familiar with the OWASP TOP 10, Hackademics and WebGoat challenges
 * Ask for becoming a teacher to the project leaders

Become an OWASP challenge developer

 * Solve the challenges as participant/student first
 * Submit your challenge ideas (using the challenge concept template)
 * Create your challenge

Become an OWASP challenge tester

 * Solve the challenges as participant/student first
 * Submit your feedback and ideas how to improve the challenges

=University Challenge=

Introduction
The OWASP Hacking-Lab project is the framework used for the OWASP AppSec University Challenges.

This is an on-site university team versus university team competition run during the training days of an AppSec conference. See more here: https://www.owasp.org/index.php/OWASP_University_Challenge
 * OWASP AppSec US 2011 (http://2011.appsecusa.org/edu_ctf.html)
 * OWASP AppSec EU Greece, Athens
 * OWASP AppSec EU Germany, Hamburg (https://www.owasp.org/index.php/AppSecEU2013/Uni-Challenge)

Please review UC faq: https://www.owasp.org/index.php/OWASP_University_Challenge#tab=FAQs

=Project About=