Undergraduate Application Security Challenge
About the Competition
CSAW Application Security Challenge is a cyber attack competition loosely based around the
Defcon Pre-quals.
Participants are given a series of challenges divided into different categories, each worth a specified number
of points. This year, the competition will focus heavily on web application security, however, other topics will not be left out. Make sure you are a jack of all trades or put together a team with a diverse skill set.
Dates
Registration Opens : August 15th 00:00 Hrs
Registration Closes : September 20th 23:59 Hrs
Start of competition: September 26th 00:00 Hrs (challenges, instructions, and rules are put up)
End of competition: September 27th 23:59 Hrs (last chance to submit answers)
Judging Criteria
Judges for this event will pick a winning team based on the amount of challenges solved and points earned.
Some challenges will be open-ended and allow for variable scoring, to be determined by the judges.
Bonus points are possible for discovering things that are not directly a part of the question.
CSAW 2009 Judges will be announced shortly
Travel Grants
Each finalist will receive a travel grant to offset the cost of attending the awards ceremony, where the first-, second-, and third-place place winners will be announced, along with a bonus prize winner.
Finalists must be present at the awards ceremony to redeem their prizes.
Contest Type
Include the team name and the names of all your team members during registration.
This contest can be done remotely, however, finalists are required to attend the awards ceremony at NYU-Poly on November 12th,
where the prize winners will be announced.
Students who need to travel more than 100 miles will be given a lump-sum scholarship to offset their travel costs.
-
How do I know when I've solved a challenge?
The "answer" to most of the challenges is a string of random numbers, an MD5 sum,
or a SHA1 sum which you will recognize when you get one. A few challenges require you to deface webpages or other tasks.
Those challenges will specify how to know you're done.
-
How do I redeem my answers for points?
E-mail/IM your team name, answer, and the URL of the challenge you completed to csaw_ctf@isis.poly.edu with [CSAW-CTF] in the subject line.
Submissions will only be accepted from a single e-mail address per team.
Rules
-
The competition is strictly limited to students up to undergraduate level residing in USA.
-
Registering for the CTF competition does not force you to participate
-
Only use your team e-mail (the e-mail you signed up with) for communicating with Ravi
-
You may submit answers in any order
-
You may only submit an answer to a given question once
-
Unless you are the author of the tool, the use of all commercial tools are forbidden (we suggest using OWASP tools)
-
The entire competition is hosted on the same server for each team.
If you find a hack which can modify the contents of the filesystem or disrupt the challenges in any way,
e-mail Ravi with the details and he will give you bonus points.
-
DoS attacks are not allowed and will result in disqualification
-
The only legal play times are between September 26th 00:00 Hrs and September 27th 23:59 Hrs
-
Finalists must attend the awards ceremony to redeem any prizes they are entitled to.
Questions
If you have any questions about the contest, feel free to e-mail
csaw_ctf@isis.poly.edu.
CSAW 2008 CTF Winners
Place |
University/School |
Team Name |
Team Points |
1st place |
Multiple |
Team Tefaye |
16375 |
2nd place |
Rensselaer Polytechnic Institute |
RPISEC |
13575 |
3rd place |
University of Idaho |
Pwntatoes |
11475 |
4th place |
Ruhr University Bochum |
FluxFingers |
10075 |
5th place |
Naval Postgraduate School |
MyLittlePwnies |
9175 |
6th place |
RWTH-Aachen |
teamSparta |
7925 |
7th place |
Bagsværd Kostskole & Gymnasium |
The Down Ownerz |
7825 |
8th place |
DePaul University |
SecurityDaemons |
5025 |
9th place |
University of South Florida |
0x28Thieves |
4200 |
10th place |
UCLA |
WiseguyS |
4125 |
Additionally, a bonus prize is awarded to The Down 0wnerz for being our youngest participants.
CSAW 2008 CTF was Judged by:
CSAW 2007 CTF Winners
1st
|
MyLittlePwnies
|
Naval Postgraduate School
|
2nd
|
Pwntatoes
|
University of Idaho
|
3rd
|
CLASY
|
SUNY Stony Brook
|
4th / Best Undergrads
|
RPISec
|
Rensselaer Polytechnic Institute
|
5th / Best Individual
|
Caleb
|
SUNY Binghamton
|