At this year’s SAP TechEd in Las Vegas and Amsterdam, my team will offer another “guided hacking” event at the Security Lounge in the SDN Clubhouse.
Again, we built a web server with several vulnerabilities hidden in the application, and you have to find them in less than 30 minutes.
You can either enter the challenge directly or first visit our “security training camp” to gain some basic knowledge of the most common security deficits in software.
The main idea is to raise awareness among participants regarding how easy it can be for an attacker to break into a web application if the developers don’t do their homework.
And the best part is: you can win an iPod 30GB (black, of course)…
So, what’s the challenge?
We set up a web shop that would quickly ruin the company running it.
Here are the tasks:
- Buy cheaper than the shop owner wants you to
- Access the file stealme.txt
- Find the source code of the page ccdata.jsp
- Acquire another customer’s credit card data (for scientific reasons only)
- “Borrow” the login data of user vforge
- Become administrator
- Find an alternative way to become admin – just in case someone fixes the other bug
- Change the product list
Some voices from last year’s challenge:
- Made me think about my code. I may be vulnerable. Interesting.
- This is cool!!
- It’s fun and it really helps you to think about your own errors.
- I need more knowledge to protect my own apps
I hope you’ll enjoy it!