AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Wednesday, June 25 • 11:50 - 12:35
OWASP Security Shepherd - Mobile/Web Security Awareness and Education


What is this all about?

The OWASP Security Shepherd project has been designed and implemented with the aim of fostering and improving security awareness among a varied skillset demographic. This project enables users to learn manual penetration testing skills or to improve upon existing ones. This is accomplished through lesson and challenge techniques. A lesson provides a user with a lot of help in completing that module, whereas a challenge puts what the user learned in the lesson to use.

Security Shepherd covers the OWASP Top Ten web app risks and has recently been injected with totally new content to cover the OWASP Top Ten Mobile risks as well. Using these risks as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. Many of these levels include insufficient mitigations and protections against these risks, such as blacklist filters, atrocious encoding schemes, barbaric security mechanisms and poor security configuration. The modules have been crafted to provide a challenge not only for security novices, but for security professionals as well.

Over the last year the OWASP Security Shepherd has proven itself to be a resilient platform on which CTF (Capture the Flag) events can be deployed. Examples include:

  1. The OWASP Global CTF 2013

  2. IRISScon 2013 Cyber Security Challenge

  3. The OWASP EU Tour 2013 Online CTF

  4. Source Conference CTF

  5. The OWASP LATAM 2013 Tour Online CTF

  6. The OWASP Ireland AppSec 2012 CTF

One of the biggest concerns that organisers of CTF competitions have is that their system or scoreboard may be compromised. There are few open source projects that offer a secure CTF platform to utilise. With the Shepherd platform having been subject to the playful prods and less playful assaults from five continents, it is a candidate to fill this gap. The OWASP Security Shepherd is in the process of being forked to provide the OWASP Shepherd CTF Platform.


Mark Denihan

Ethical Hacking Test Engineer, IBM
I'm currently working on the IBM Ethical Hacking Team, OWASP Ireland Board Member and founder of the OWASP Security Shepherd Project. I got my BSc in Computing in the Dublin Institute of Technology and I'm working on a MSc in Information Security and Digital Forensics in the Institute...

Seán Duggan

Security Analyst, Ward Solutions
Sean is a Security Analyst with Ward Solutions. Currently holding an Honors BSc Computer Science and studying for a Masters in Information Security and Digital Forensics. Passionate about Android App Security and Development. Sean developed an interest in Mobile Application Security...

Wednesday June 25, 2014 11:50 - 12:35 BST
