Joe,
What are you thinking of exactly? You could easily customize WebGoat to be
more like a game. It's extremely easy to implement new lessons (the hard
part is thinking them through). To make a new lesson, you just fill a few
methods into a single java class. It's all dynamically loaded, so you don't
have to change anything else. If you wanted to make a game of it, just
remove the existing lessons and drop in the ones you want.
--Jeff
Jeff Williams
Aspect Security
Securing your applications at the source
http://www.aspectsecurity.com
Do your developers know the top ten web application security mistakes?
----- Original Message -----
From: Joe McCray
To: webappsec_at_securityfocus.com
Sent: Thursday, October 02, 2003 2:45 PM
Subject: Requesting help with WebAppSec Game Development
Hey guys,
I've been a service exploitation kinda guy for a while now and I compete in
a
lot of hacking competitions, and this year at Def Con's capture the flag
competition we had to complete the first 10 levels of ngsec.com's web
authentication game just to qualify for the game. The game was almost
completely web app based, and it was a lot of fun.
Basically what I'm emailing the list for is because I'd like to have
something
like the Webgoat server on www.rootwars.org so people can use it as a tool
for
learning webappsec. It's an area of computer security that we don't focus on
yet, and I can see that it is important and will only become more critical
as
time goes on.
This is just one of the many things that we would like to work toward having
at
rootwars.org, and would love to have more people help out. Please contact me
at: joe_at_rootwars.org if you are interested
Joe McCray
joe_at_rootwars.org
http://www.rootwars.org
Hacking Games Hands-on Courses HackLab Access
Received on Oct 02 2003
Intro
