2. What’s OWASP A&D Project?
• A&D stands for Attack and Defense.
• OWASP A&D Project is a
Deliberately Vulnerable Web-application
Interactive Platform focuses on web application
developers to fix its vulnerabilities through the
real world like environment.
– We call this platform A&D platform.
• The project aim is participants to acquire skills of
find and fix web application vulnerabilities.
3. A&D Platform
• The platform will include
– standalone mode for self-study
– Competition mode mode for event
• The platform will support
– automatic attack to the web application
– Status check for web application vulnerabilities
4. A&D Platform
A&D Platform Overview(Competition Mode)
Operator’s
Server
Participant’s
servers
Status Check
Attack
Fix And Search
(SSH)
View Status
and Ranking
(HTTP)
5. Competition Mode
• Competition mode is for multi users event.
• We will provide
– Ranking and Score Graph
– Auto Scoring
– Match system like Tennis
6. A&D Platform Overview(Standalone Mode)
A&D Platform
Check Server
(Automated
Or
Manual)
Challenge’s
Servers
Status Check
Attack
Fix And Search
(SSH)
View Status
(HTTP)
7. Standalone Mode
• Standalone mode is for Self-Study.
• Standalone mode concept is developer can
study at home.
• We will provide study environment include
vulnerabilities description.
• We will provide some challenges what
adjusted a insecure web application for A&D
event.
8. Roadmap of next 6 months
• develop A&D platform.
• develop 3 insecure web application for the
platform.
• create A&D Quick Start Guide for Event .
• create A&D Quick Start Guide for Self-Study.
• Finalize the A&D project and have it reviewed to
be promoted from an Incubator Project to a Lab
Project.
9. Deliverables of next 6 months
• Attack and Defense Quick Start Guide(PDF).
– For Event, For Self-Study.
• A&D Platform
– source code, docker image, and vm image.
• Three Insecure web application
– source code, docker image, and vm image.