Hackers attack, coders defend, when you get them together you end up with Web War III.
This is a team participation based game. Each team consists of two players, an attacker and a defender. The attacker would be capable of identifying Web Application Vulnerabilities (OWASP Top 10). The defender would be capable of writing secure Java code.
The game has two stages:
- Stage 1 – Cover your baseEach team is given a VM Ware image containing a web server hosting a vulnerable web application. During this stage each team identifies the vulnerabilities in their application.They try to fix the identified vulnerabilities by making code changes.
- Stage 2 – Launch AttackThe IP addresses of the Web Server's of all the teams is announced.
Each team looks for vulnerabilities in the Web Applications of the other teams.
Vulnerabilities found on the opponents' application get positive points.
Vulnerabilities found by the opponents on your application get negative points.
Team with the highest points at the end of Stage 2 wins.
The Web Application used for this game has been specially designed and developed by Venky. It is a Java based application. Java was chosen for its familiarity with developers and also because the ESAPI Java version is the most complete. The VM images provided to the participants contains ESAPI to help them secure their application faster.