OWASP A&D Project

•Download as PPTX, PDF•

1 like•543 views

OWASP A&D Project Introduction

OWASP A&D Project
OWASP A&D Project Leaders
Takaharu Ogasa
Yuichi Hattori
Shota Sato
Apr 15, 2018

What’s OWASP A&D Project?
• A&D stands for Attack and Defense.
• OWASP A&D Project is a
Deliberately Vulnerable Web-application
Interactive Platform focuses on web application
developers to fix its vulnerabilities through the
real world like environment.
– We call this platform A&D platform.
• The project aim is participants to acquire skills of
find and fix web application vulnerabilities.

A&D Platform
• The platform will include
– standalone mode for self-study
– Competition mode mode for event
• The platform will support
– automatic attack to the web application
– Status check for web application vulnerabilities

A&D Platform
A&D Platform Overview(Competition Mode)
Operator’s
Server
Participant’s
servers
Status Check
Attack
Fix And Search
(SSH)
View Status
and Ranking
(HTTP)

Competition Mode
• Competition mode is for multi users event.
• We will provide
– Ranking and Score Graph
– Auto Scoring
– Match system like Tennis

A&D Platform Overview(Standalone Mode)
A&D Platform
Check Server
(Automated
Or
Manual)
Challenge’s
Servers
Status Check
Attack
Fix And Search
(SSH)
View Status
(HTTP)

Standalone Mode
• Standalone mode is for Self-Study.
• Standalone mode concept is developer can
study at home.
• We will provide study environment include
vulnerabilities description.
• We will provide some challenges what
adjusted a insecure web application for A&D
event.

Roadmap of next 6 months
• develop A&D platform.
• develop 3 insecure web application for the
platform.
• create A&D Quick Start Guide for Event .
• create A&D Quick Start Guide for Self-Study.
• Finalize the A&D project and have it reviewed to
be promoted from an Incubator Project to a Lab
Project.

Deliverables of next 6 months
• Attack and Defense Quick Start Guide(PDF).
– For Event, For Self-Study.
• A&D Platform
– source code, docker image, and vm image.
• Three Insecure web application
– source code, docker image, and vm image.

More Related Content

Similar to OWASP A&D Project

Анна Горб — преподаватель Компьютерной школы Hillel, Scrum Master/Team Lead в Luxoft Приобщилась к тестированию в 2007 году в Днепропетровской компании Aquasoft. За 7 месяцев сделала головокружительную карьеру до QA Lead небольшой группы тестирования. С 2010 года работает в компании Luxoft. На разных проектах, банковских и не очень. С 2013 году аттестована как тренер. Любит делиться с людьми своими знаниями и опытом. Ведет тренинги как по прикладному тестированию, так и по управлению тестированием. С 2015 года сертифицированный Scrum Master. Коллекционирует желтеньких резиновых уточек.

Основы нагрузочного тестирования с инструментом Jmeter

Основы нагрузочного тестирования с инструментом Jmeter

Основы нагрузочного тестирования с инструментом Jmeter

Компьютерная школа Hillel

Dive into the world of browser-based load testing with Grafana and K6, focusing on enhancing the performance of front-end web applications. Explore the seamless integration of Grafana and K6, gaining insights into effective strategies for testing and optimizing website performance. Uncover practical tips, best practices, and real-world examples to elevate your front-end load testing proficiency. Join us for an engaging session at the intersection of Grafana, K6, and front-end performance optimization.

Browser-Based Load Testing with Grafana K6

Browser-Based Load Testing with Grafana K6

Browser-Based Load Testing with Grafana K6

APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes has APIs. There's a good foundation of AppSec knowledge out there - thanks in part to OWASP but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. How to do you make sense of API Security landscape? This talk will cover the three fundamental areas to consider, the various chess pieces and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

Accessibility Testing - Using Asqatasun - Meetup Webinar

Accessibility Testing - Using Asqatasun - Meetup Webinar

Accessibility Testing - Using Asqatasun - Meetup Webinar

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Testdroid:

Measure performance of the application using open source performance testing...

Measure performance of the application using open source performance testing...

Measure performance of the application using open source performance testing...

The Datacenter API

The Datacenter API

The Datacenter API

Android Effective UI: Tips, Tricks and Patterns

Android Effective UI: Tips, Tricks and Patterns

Android Effective UI: Tips, Tricks and Patterns

Demystifying Robotic Process Automation (RPA) & Automation Testing

Demystifying Robotic Process Automation (RPA) & Automation Testing

Demystifying Robotic Process Automation (RPA) & Automation Testing

Android workshop

Android workshop

Android workshop

Slides from my 4-hour workshop on Client-Side Performance Testing conducted at Phoenix, AZ in STPCon 2017 (March). Workshop Takeaways: Understand difference between is Performance Testing and Performance Engineering. Hand’s on experience of some open-source tools to monitor, measure and automate Client-side Performance Testing. Examples / code walk-through of some ways to automate Client-side Performance Testing. See blog for more details - https://essenceoftesting.blogspot.com/2017/03/workshop-client-side-performance.html

Client-Side Performance Testing

Client-Side Performance Testing

Client-Side Performance Testing

ATAGTR2017 Unified APM: The new age performance monitoring for production sys...

ATAGTR2017 Unified APM: The new age performance monitoring for production sys...

ATAGTR2017 Unified APM: The new age performance monitoring for production sys...

Agile Testing Alliance

Slides for Automation Testing or End to End testing

Slides for Automation Testing or End to End testing

Slides for Automation Testing or End to End testing

Mobile+API

The key to truly being successful with Pivotal Cloud Foundry (PCF) is to have a dedicated team equipped with modern practices and methodologies running your cloud platform. Join Caleb and Parker from Pivotal Cloud Foundry’s Solutions team, as they discuss what a healthy platform capability looks like, and share practical advice on how to ensure your platform team is ready to unlock the full value of PCF. This webinar is for all people who have purchased PCF and those that are considering doing so. In this webinar you will understand: ● What we mean by 'treat your platform as a product' ● The need for a dedicated platform team ● Why you need to adopt a culture of continuous improvement ● How to garner executive support in order to challenge convention Presenters: Caleb Washburn, Director, Solutions Architect & Parker Fleming, Director, Solutions Architect, Pivotal

Habits of Highly Effective Platform Teams: Unlocking the Value of PCF

Habits of Highly Effective Platform Teams: Unlocking the Value of PCF

Habits of Highly Effective Platform Teams: Unlocking the Value of PCF

Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...

Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...

Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...

Chris Sparshott

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Similar to OWASP A&D Project (20)

Основы нагрузочного тестирования с инструментом Jmeter

Основы нагрузочного тестирования с инструментом Jmeter

Основы нагрузочного тестирования с инструментом Jmeter

Browser-Based Load Testing with Grafana K6

Browser-Based Load Testing with Grafana K6

Browser-Based Load Testing with Grafana K6

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

Peeling the Onion: Making Sense of the Layers of API Security

Accessibility Testing - Using Asqatasun - Meetup Webinar

Accessibility Testing - Using Asqatasun - Meetup Webinar

Accessibility Testing - Using Asqatasun - Meetup Webinar

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Kristian Karl - Experiences of Test Automation at Spotify - EuroSTAR 2013

Testdroid:

Measure performance of the application using open source performance testing...

Measure performance of the application using open source performance testing...

Measure performance of the application using open source performance testing...

The Datacenter API

The Datacenter API

The Datacenter API

Android Effective UI: Tips, Tricks and Patterns

Android Effective UI: Tips, Tricks and Patterns

Android Effective UI: Tips, Tricks and Patterns

Demystifying Robotic Process Automation (RPA) & Automation Testing

Demystifying Robotic Process Automation (RPA) & Automation Testing

Demystifying Robotic Process Automation (RPA) & Automation Testing

Android workshop

Android workshop

Android workshop

Client-Side Performance Testing

Client-Side Performance Testing

Client-Side Performance Testing

ATAGTR2017 Unified APM: The new age performance monitoring for production sys...

ATAGTR2017 Unified APM: The new age performance monitoring for production sys...

ATAGTR2017 Unified APM: The new age performance monitoring for production sys...

Slides for Automation Testing or End to End testing

Slides for Automation Testing or End to End testing

Slides for Automation Testing or End to End testing

Mobile+API

Habits of Highly Effective Platform Teams: Unlocking the Value of PCF

Habits of Highly Effective Platform Teams: Unlocking the Value of PCF

Habits of Highly Effective Platform Teams: Unlocking the Value of PCF

Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...

Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...

Integrating IBM Web Sphere Portal With Web Analytic Hosted And Non Hosted Sit...

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Microsoft power point automation-opensourcetestingtools_matrix-1

Recently uploaded

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Manulife - Insurer Innovation Award 2024

Manulife - Insurer Innovation Award 2024

Manulife - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Recently uploaded (20)

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Manulife - Insurer Innovation Award 2024

Manulife - Insurer Innovation Award 2024

Manulife - Insurer Innovation Award 2024

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

OWASP A&D Project

1. OWASP A&D Project OWASP A&D Project Leaders Takaharu Ogasa Yuichi Hattori Shota Sato Apr 15, 2018

2. What’s OWASP A&D Project? • A&D stands for Attack and Defense. • OWASP A&D Project is a Deliberately Vulnerable Web-application Interactive Platform focuses on web application developers to fix its vulnerabilities through the real world like environment. – We call this platform A&D platform. • The project aim is participants to acquire skills of find and fix web application vulnerabilities.

3. A&D Platform • The platform will include – standalone mode for self-study – Competition mode mode for event • The platform will support – automatic attack to the web application – Status check for web application vulnerabilities

4. A&D Platform A&D Platform Overview(Competition Mode) Operator’s Server Participant’s servers Status Check Attack Fix And Search (SSH) View Status and Ranking (HTTP)

5. Competition Mode • Competition mode is for multi users event. • We will provide – Ranking and Score Graph – Auto Scoring – Match system like Tennis

6. A&D Platform Overview(Standalone Mode) A&D Platform Check Server (Automated Or Manual) Challenge’s Servers Status Check Attack Fix And Search (SSH) View Status (HTTP)

7. Standalone Mode • Standalone mode is for Self-Study. • Standalone mode concept is developer can study at home. • We will provide study environment include vulnerabilities description. • We will provide some challenges what adjusted a insecure web application for A&D event.

8. Roadmap of next 6 months • develop A&D platform. • develop 3 insecure web application for the platform. • create A&D Quick Start Guide for Event . • create A&D Quick Start Guide for Self-Study. • Finalize the A&D project and have it reviewed to be promoted from an Incubator Project to a Lab Project.

9. Deliverables of next 6 months • Attack and Defense Quick Start Guide(PDF). – For Event, For Self-Study. • A&D Platform – source code, docker image, and vm image. • Three Insecure web application – source code, docker image, and vm image.