At this year’s SAP TechEd in Las Vegas and Amsterdam, my team will offer another “guided hacking” event at the Security Lounge in the SDN Clubhouse.

Again, we built a web server with several vulnerabilities hidden in the application, and you have to find them in less than 30 minutes.

You can either enter the challenge directly or first visit our “security training camp” to gain some basic knowledge of the most common security deficits in software.

 

The main idea is to raise awareness among participants regarding how easy it can be for an attacker to break into a web application if the developers don’t do their homework.

And the best part is: you can win an iPod 30GB (black, of course)…

 

So, what’s the challenge?

We set up a web shop that would quickly ruin the company running it.

Here are the tasks:

  • Buy cheaper than the shop owner wants you to
  • Access the file stealme.txt
  • Find the source code of the page ccdata.jsp
  • Acquire another customer’s credit card data (for scientific reasons only)
  • “Borrow” the login data of user vforge
  • Become administrator
  • Find an alternative way to become admin – just in case someone fixes the other bug
  • Change the product list

Some voices from last year’s challenge:

  • Made me think about my code. I may be vulnerable. Interesting.
  • This is cool!!
  • It’s fun and it really helps you to think about your own errors.
  • I need more knowledge to protect my own apps

I hope you’ll enjoy it!

3 Comments

    1. Mark Finnern
      Hi Nicholas,

      We are happy to announce that Andreas and his team will be there whenever the SDN Clubhouse is open, which after Shay’s keynote is almost all the time besides Friday.

      Check it out, Mark.

  1. Julius von dem Bussche
    Will this be at TechEd2008 again as well?

    I battle around a lot with all the “berechtigungs” stuff (which is not unimportant…), but secure coding is the other half of the coin.

    Julius
