SlideShare a Scribd company logo

OWASP A&D Project

Download as PPTX, PDF
Yuichi Hattori
Yuichi Hattori

OWASP A&D Project Introduction

Technology
1 of 9
OWASP A&D Project OWASP A&D Project Leaders Takaharu Ogasa Yuichi Hattori Shota Sato Apr 15, 2018
What’s OWASP A&D Project? • A&D stands for Attack and Defense. • OWASP A&D Project is a Deliberately Vulnerable Web-application Interactive Platform focuses on web application developers to fix its vulnerabilities through the real world like environment. – We call this platform A&D platform. • The project aim is participants to acquire skills of find and fix web application vulnerabilities.
A&D Platform • The platform will include – standalone mode for self-study – Competition mode mode for event • The platform will support – automatic attack to the web application – Status check for web application vulnerabilities
A&D Platform A&D Platform Overview(Competition Mode) Operator’s Server Participant’s servers Status Check Attack Fix And Search (SSH) View Status and Ranking (HTTP)
Competition Mode • Competition mode is for multi users event. • We will provide – Ranking and Score Graph – Auto Scoring – Match system like Tennis
A&D Platform Overview(Standalone Mode) A&D Platform Check Server (Automated Or Manual) Challenge’s Servers Status Check Attack Fix And Search (SSH) View Status (HTTP)
Standalone Mode • Standalone mode is for Self-Study. • Standalone mode concept is developer can study at home. • We will provide study environment include vulnerabilities description. • We will provide some challenges what adjusted a insecure web application for A&D event.
Roadmap of next 6 months • develop A&D platform. • develop 3 insecure web application for the platform. • create A&D Quick Start Guide for Event . • create A&D Quick Start Guide for Self-Study. • Finalize the A&D project and have it reviewed to be promoted from an Incubator Project to a Lab Project.
Deliverables of next 6 months • Attack and Defense Quick Start Guide(PDF). – For Event, For Self-Study. • A&D Platform – source code, docker image, and vm image. • Three Insecure web application – source code, docker image, and vm image.

Recommended

OWASP A&D Project Competition Mode
OWASP A&D Project Competition ModeOWASP A&D Project Competition Mode
OWASP A&D Project Competition ModeYuichi Hattori
 
Introduction to test automation
Introduction to test automationIntroduction to test automation
Introduction to test automationNibu Baby
 
"Experiences Of Test Automation At Spotify" with Kristian Karl
"Experiences Of Test Automation At Spotify" with Kristian Karl"Experiences Of Test Automation At Spotify" with Kristian Karl
"Experiences Of Test Automation At Spotify" with Kristian KarlTEST Huddle
 
Zibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company InidaZibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company InidaZibraSoft Technologies
 
Dotcom monitor platform overview
Dotcom monitor platform overviewDotcom monitor platform overview
Dotcom monitor platform overviewtrippj
 
The Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraThe Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraSOASTA
 
The Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraThe Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraSOASTA
 
Load runner & win runner
Load runner & win runnerLoad runner & win runner
Load runner & win runnerHimanshu
 

Recommended

OWASP A&D Project Competition Mode
OWASP A&D Project Competition ModeOWASP A&D Project Competition Mode
OWASP A&D Project Competition ModeYuichi Hattori
 
Introduction to test automation
Introduction to test automationIntroduction to test automation
Introduction to test automationNibu Baby
 
"Experiences Of Test Automation At Spotify" with Kristian Karl
"Experiences Of Test Automation At Spotify" with Kristian Karl"Experiences Of Test Automation At Spotify" with Kristian Karl
"Experiences Of Test Automation At Spotify" with Kristian KarlTEST Huddle
 
Zibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company InidaZibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company InidaZibraSoft Technologies
 
Dotcom monitor platform overview
Dotcom monitor platform overviewDotcom monitor platform overview
Dotcom monitor platform overviewtrippj
 
The Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraThe Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraSOASTA
 
The Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraThe Four Hats of Load and Performance Testing with special guest Mentora
The Four Hats of Load and Performance Testing with special guest MentoraSOASTA
 
Load runner & win runner
Load runner & win runnerLoad runner & win runner
Load runner & win runnerHimanshu
 
Основы нагрузочного тестирования с инструментом Jmeter
Основы нагрузочного тестирования с инструментом JmeterОсновы нагрузочного тестирования с инструментом Jmeter
Основы нагрузочного тестирования с инструментом JmeterКомпьютерная школа Hillel
 
Browser-Based Load Testing with Grafana K6
Browser-Based Load Testing with Grafana K6Browser-Based Load Testing with Grafana K6
Browser-Based Load Testing with Grafana K6Knoldus Inc.
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
Accessibility Testing - Using Asqatasun - Meetup Webinar
Accessibility Testing - Using Asqatasun - Meetup WebinarAccessibility Testing - Using Asqatasun - Meetup Webinar
Accessibility Testing - Using Asqatasun - Meetup WebinarKeyur Shah
 
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013TEST Huddle
 
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013TEST Huddle
 
Testdroid:
Testdroid: Testdroid:
Testdroid: Lingkai Shao
 
Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...BugRaptors
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter APIAkana
 
Android Effective UI: Tips, Tricks and Patterns
Android Effective UI: Tips, Tricks and PatternsAndroid Effective UI: Tips, Tricks and Patterns
Android Effective UI: Tips, Tricks and PatternsAdham Enaya
 
Demystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingDemystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingCitiusTech
 
Android workshop
Android workshopAndroid workshop
Android workshopRavi Vyas
 
Client-Side Performance Testing
Client-Side Performance TestingClient-Side Performance Testing
Client-Side Performance TestingAnand Bagmar
 
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...Agile Testing Alliance
 
Mobile+API
Mobile+APIMobile+API
Mobile+APIMiguel Paraz
 
Habits of Highly Effective Platform Teams: Unlocking the Value of PCF
Habits of Highly Effective Platform Teams: Unlocking the Value of PCFHabits of Highly Effective Platform Teams: Unlocking the Value of PCF
Habits of Highly Effective Platform Teams: Unlocking the Value of PCFVMware Tanzu
 
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...Chris Sparshott
 
Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1tactqa
 
Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1tactqa
 
Software Testing includes Performance testing with Load Runner and the JMeter
Software Testing includes Performance testing with Load Runner and the JMeter Software Testing includes Performance testing with Load Runner and the JMeter
Software Testing includes Performance testing with Load Runner and the JMeter Hima Bindu Kosuru
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre
 

More Related Content

Similar to OWASP A&D Project

Основы нагрузочного тестирования с инструментом Jmeter
Основы нагрузочного тестирования с инструментом JmeterОсновы нагрузочного тестирования с инструментом Jmeter
Основы нагрузочного тестирования с инструментом JmeterКомпьютерная школа Hillel
 
Browser-Based Load Testing with Grafana K6
Browser-Based Load Testing with Grafana K6Browser-Based Load Testing with Grafana K6
Browser-Based Load Testing with Grafana K6Knoldus Inc.
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
Accessibility Testing - Using Asqatasun - Meetup Webinar
Accessibility Testing - Using Asqatasun - Meetup WebinarAccessibility Testing - Using Asqatasun - Meetup Webinar
Accessibility Testing - Using Asqatasun - Meetup WebinarKeyur Shah
 
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013TEST Huddle
 
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013TEST Huddle
 
Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...BugRaptors
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter APIAkana
 
Android Effective UI: Tips, Tricks and Patterns
Android Effective UI: Tips, Tricks and PatternsAndroid Effective UI: Tips, Tricks and Patterns
Android Effective UI: Tips, Tricks and PatternsAdham Enaya
 
Demystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingDemystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingCitiusTech
 
Android workshop
Android workshopAndroid workshop
Android workshopRavi Vyas
 
Client-Side Performance Testing
Client-Side Performance TestingClient-Side Performance Testing
Client-Side Performance TestingAnand Bagmar
 
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...Agile Testing Alliance
 
Habits of Highly Effective Platform Teams: Unlocking the Value of PCF
Habits of Highly Effective Platform Teams: Unlocking the Value of PCFHabits of Highly Effective Platform Teams: Unlocking the Value of PCF
Habits of Highly Effective Platform Teams: Unlocking the Value of PCFVMware Tanzu
 
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...Chris Sparshott
 
Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1tactqa
 
Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1tactqa
 
Software Testing includes Performance testing with Load Runner and the JMeter
Software Testing includes Performance testing with Load Runner and the JMeter Software Testing includes Performance testing with Load Runner and the JMeter
Software Testing includes Performance testing with Load Runner and the JMeter Hima Bindu Kosuru
 

Similar to OWASP A&D Project (20)

Основы нагрузочного тестирования с инструментом Jmeter
Основы нагрузочного тестирования с инструментом JmeterОсновы нагрузочного тестирования с инструментом Jmeter
Основы нагрузочного тестирования с инструментом Jmeter
 
Browser-Based Load Testing with Grafana K6
Browser-Based Load Testing with Grafana K6Browser-Based Load Testing with Grafana K6
Browser-Based Load Testing with Grafana K6
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API Security
 
Accessibility Testing - Using Asqatasun - Meetup Webinar
Accessibility Testing - Using Asqatasun - Meetup WebinarAccessibility Testing - Using Asqatasun - Meetup Webinar
Accessibility Testing - Using Asqatasun - Meetup Webinar
 
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
 
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013
 
Testdroid:
Testdroid: Testdroid:
Testdroid:
 
Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...
 
The Datacenter API
The Datacenter APIThe Datacenter API
The Datacenter API
 
Android Effective UI: Tips, Tricks and Patterns
Android Effective UI: Tips, Tricks and PatternsAndroid Effective UI: Tips, Tricks and Patterns
Android Effective UI: Tips, Tricks and Patterns
 
Demystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation TestingDemystifying Robotic Process Automation (RPA) & Automation Testing
Demystifying Robotic Process Automation (RPA) & Automation Testing
 
Android workshop
Android workshopAndroid workshop
Android workshop
 
Client-Side Performance Testing
Client-Side Performance TestingClient-Side Performance Testing
Client-Side Performance Testing
 
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
ATAGTR2017 Unified APM: The new age performance monitoring for production sys...
 
Mobile+API
Mobile+APIMobile+API
Mobile+API
 
Habits of Highly Effective Platform Teams: Unlocking the Value of PCF
Habits of Highly Effective Platform Teams: Unlocking the Value of PCFHabits of Highly Effective Platform Teams: Unlocking the Value of PCF
Habits of Highly Effective Platform Teams: Unlocking the Value of PCF
 
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...
Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...
 
Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1
 
Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1Microsoft power point automation-opensourcetestingtools_matrix-1
Microsoft power point automation-opensourcetestingtools_matrix-1
 
Software Testing includes Performance testing with Load Runner and the JMeter
Software Testing includes Performance testing with Load Runner and the JMeter Software Testing includes Performance testing with Load Runner and the JMeter
Software Testing includes Performance testing with Load Runner and the JMeter
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

OWASP A&D Project

  • 1. OWASP A&D Project OWASP A&D Project Leaders Takaharu Ogasa Yuichi Hattori Shota Sato Apr 15, 2018
  • 2. What’s OWASP A&D Project? • A&D stands for Attack and Defense. • OWASP A&D Project is a Deliberately Vulnerable Web-application Interactive Platform focuses on web application developers to fix its vulnerabilities through the real world like environment. – We call this platform A&D platform. • The project aim is participants to acquire skills of find and fix web application vulnerabilities.
  • 3. A&D Platform • The platform will include – standalone mode for self-study – Competition mode mode for event • The platform will support – automatic attack to the web application – Status check for web application vulnerabilities
  • 4. A&D Platform A&D Platform Overview(Competition Mode) Operator’s Server Participant’s servers Status Check Attack Fix And Search (SSH) View Status and Ranking (HTTP)
  • 5. Competition Mode • Competition mode is for multi users event. • We will provide – Ranking and Score Graph – Auto Scoring – Match system like Tennis
  • 6. A&D Platform Overview(Standalone Mode) A&D Platform Check Server (Automated Or Manual) Challenge’s Servers Status Check Attack Fix And Search (SSH) View Status (HTTP)
  • 7. Standalone Mode • Standalone mode is for Self-Study. • Standalone mode concept is developer can study at home. • We will provide study environment include vulnerabilities description. • We will provide some challenges what adjusted a insecure web application for A&D event.
  • 8. Roadmap of next 6 months • develop A&D platform. • develop 3 insecure web application for the platform. • create A&D Quick Start Guide for Event . • create A&D Quick Start Guide for Self-Study. • Finalize the A&D project and have it reviewed to be promoted from an Incubator Project to a Lab Project.
  • 9. Deliverables of next 6 months • Attack and Defense Quick Start Guide(PDF). – For Event, For Self-Study. • A&D Platform – source code, docker image, and vm image. • Three Insecure web application – source code, docker image, and vm image.