OWASP A&D Project Competition Mode

Apr. 17, 2018


  1. OWASP A&D Project Competition Mode
     OWASP A&D Project Leaders: Takaharu Ogasa, Yuichi Hattori, Shota Sato
     Apr 17, 2018
  2. What’s OWASP A&D Project?
     • A&D stands for Attack and Defense.
     • OWASP A&D Project is a Deliberately Vulnerable Web-application Interactive Platform focused on web application developers fixing its vulnerabilities in a real-world-like environment.
       – We call this platform the A&D platform.
     • The project's aim is for participants to acquire the skills to find and fix web application vulnerabilities.
  3. A&D Platform
     • The platform will include
       – Standalone mode for self-study
       – Competition mode for events
     • The platform will support
       – Automatic attacks on the web application
       – Status checks for web application vulnerabilities
  4. Competition Mode
     • Competition mode is for multi-user events.
     • We will provide
       – Auto Scoring
       – Ranking and Score Graph
       – Match system like Tennis
  5. A&D Platform Overview (Competition Mode)
     [Diagram: A&D Platform; Operator’s Server, Participant’s servers; labelled flows: Status Check, Attack, Fix And Search (SSH), View Status and Ranking (HTTP)]
  6. Automatic Attack
     • The operator’s server provides various attacks.
     • The first attack is X min after the competition starts.
     • The next attacks are every Y min after the first attack.
       – Each attack can be set to a different time.
     [Diagram: A&D Platform; Operator’s Server, Participant’s servers; flow: Attack]
  7. Status Check
     • The operator’s server checks web app vulnerabilities every X min.
     [Diagram: A&D Platform; Operator’s Server, Participant’s servers; flow: Status Check]
  8. Auto Scoring
     • If status checks succeed, the participant gets 100 points * number of successes.
     • If status checks fail, the participant’s total points are reduced by X% * number of failures.
       – Normally we use 3%. We tried some percentiles. As a result, we think 3% is the best parameter.
  9. Ranking and Score Graph
     • We provide a score graph and ranking over HTTP.
     • Participants can see the latest ranking, a time-series score graph, and time-series status check results.
     [Diagram: A&D Platform; Operator’s Server, Participant’s servers; flow: View Status and Ranking (HTTP)]
  10. Match System
     • We think it is important that participants repeat the same environment.
       – They can fix vulnerabilities more quickly and choose the order of fixes based on the effect of the vulnerabilities.
     • We can provide X matches.
  11. Connection to Participants Server
     • Participants can log in to the server by SSH.
     • Participants fix and search the web app on the server.
     • The web app is set up in the user dir.
     [Diagram: A&D Platform; Operator’s Server, Participant’s servers; flow: Fix And Search (SSH)]
  12. Future work
     • Use something instead of SSH for the connection to the participants' server.
       – We think it is important that participants use their usual development environment.
       – We will provide auto deploy using CI tools or something.
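
The Auto Scoring rule from slide 8, worked through over several status-check rounds, as an added example that is not part of the original slides or the project's code. It assumes each round credits successes first and then reduces the running total by X% per failed check (capped at 100%); the function names and the two teams' check results are constructed for illustration.

```python
# Added example: one assumed reading of the slide-8 scoring rule.
# Not the OWASP A&D Project's implementation.

POINTS_PER_SUCCESS = 100   # "100 points * number of successes" (slide 8)
PENALTY_PERCENT = 3        # the slides' usual value for X


def apply_round(total, successes, failures, penalty_percent=PENALTY_PERCENT):
    """Score one status-check round.

    Assumptions (the slides do not specify these):
      * successes are credited before the penalty is applied;
      * the penalty is linear in the number of failures and capped at 100%.
    """
    total += POINTS_PER_SUCCESS * successes
    reduction = min(penalty_percent * failures, 100)
    return total * (100 - reduction) / 100


def score_series(rounds, penalty_percent=PENALTY_PERCENT):
    """Return the running total after each (successes, failures) round."""
    total, series = 0.0, []
    for successes, failures in rounds:
        total = apply_round(total, successes, failures, penalty_percent)
        series.append(round(total, 2))
    return series


# Constructed sample data: 4 checks per round, 5 rounds.
# Team A fixes one more vulnerability each round;
# team B leaves three unfixed until round 4.
TEAM_A = [(1, 3), (2, 2), (3, 1), (4, 0), (4, 0)]
TEAM_B = [(1, 3), (1, 3), (1, 3), (4, 0), (4, 0)]

if __name__ == "__main__":
    for name, rounds in (("A", TEAM_A), ("B", TEAM_B)):
        print(name, score_series(rounds))
```

Because the penalty is a percentage of the running total, a failed check costs more the later it happens, so the team that fixes early keeps its lead even after both teams pass every check.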