OWASP A&D Project
OWASP A&D Project Leaders
Takaharu Ogasa
Yuichi Hattori
Shota Sato
Apr 15, 2018
What’s OWASP A&D Project?
• A&D stands for Attack and Defense.
• OWASP A&D Project is a Deliberately Vulnerable Web-application Interactive Platform that focuses on web application developers fixing its vulnerabilities in a real-world-like environment.
– We call this platform the A&D platform.
• The project's aim is for participants to acquire the skills to find and fix web application vulnerabilities.
A&D Platform
• The platform will include
– standalone mode for self-study
– competition mode for events
• The platform will support
– automatic attacks against the web application
– status checks for web application vulnerabilities
A&D Platform Overview (Competition Mode)
[Diagram labels: A&D Platform; Operator’s Server; Participant’s servers; Status Check; Attack; Fix And Search (SSH); View Status and Ranking (HTTP)]
Competition Mode
• Competition mode is for multi-user events.
• We will provide
– Ranking and Score Graph
– Auto Scoring
– A match system like tennis
A&D Platform Overview (Standalone Mode)
[Diagram labels: A&D Platform; Check Server (Automated or Manual); Challenge’s Servers; Status Check; Attack; Fix And Search (SSH); View Status (HTTP)]
Standalone Mode
• Standalone mode is for self-study.
• The concept of standalone mode is that developers can study at home.
• We will provide a study environment that includes vulnerability descriptions.
• We will provide some challenges made by adjusting an insecure web application for A&D events.
Roadmap for the next 6 months
• Develop the A&D platform.
• Develop 3 insecure web applications for the platform.
• Create the A&D Quick Start Guide for Event.
• Create the A&D Quick Start Guide for Self-Study.
• Finalize the A&D project and have it reviewed to be promoted from an Incubator Project to a Lab Project.
Deliverables for the next 6 months
• Attack and Defense Quick Start Guide (PDF).
– For Event, For Self-Study.
• A&D Platform
– source code, Docker image, and VM image.
• Three insecure web applications
– source code, Docker image, and VM image.
