Re: Requesting help with WebAppSec Game Development

["Jeff Williams @ Aspect" <jeff.williams () aspectsecurity com>]

Joe,

What are you thinking of exactly? You could easily customize WebGoat to be
more like a game.  It's extremely easy to implement new lessons (the hard
part is thinking them through).  To make a new lesson, you just fill a few
methods into a single java class.  It's all dynamically loaded, so you don't
have to change anything else.  If you wanted to make a game of it, just
remove the existing lessons and drop in the ones you want.

--Jeff

Jeff Williams
Aspect Security
Securing your applications at the source
http://www.aspectsecurity.com

Do your developers know the top ten web application security mistakes?




----- Original Message ----- 
From: Joe McCray
To: webappsec () securityfocus com
Sent: Thursday, October 02, 2003 2:45 PM
Subject: Requesting help with WebAppSec Game Development


Hey guys,

I've been a service exploitation kinda guy for a while now and I compete in
a
lot of hacking competitions, and this year at Def Con's capture the flag
competition we had to complete the first 10 levels of ngsec.com's web
authentication game just to qualify for the game. The game was almost
completely web app based, and it was a lot of fun.

Basically what I'm emailing the list for is because I'd like to have
something
like the Webgoat server on www.rootwars.org so people can use it as a tool
for
learning webappsec. It's an area of computer security that we don't focus on
yet, and I can see that it is important and will only become more critical
as
time goes on.

This is just one of the many things that we would like to work toward having
at
rootwars.org, and would love to have more people help out. Please contact me
at: joe () rootwars org if you are interested

Joe McCray
joe () rootwars org
http://www.rootwars.org
Hacking Games   Hands-on Courses   HackLab Access