Web Vulnerability Assessment Security Treasure Hunt

Welcome to the Web Vulnerability Assessment Security Treasure Hunt, an online environment designed to help identify people with Information Security interest and skills. Participants will be challenged to identify security flaws on a target system and answer questions based on those issues. Everyone is welcome to participate.

The environment consists of two components: a target system and a question engine machine.

The target system, located at http://target.securitytreasurehunt.com, is a psuedo-vulnerable application that you can browse through to discover the problems with its configuration and application. Your analysis does not require you to apply detailed vulnerability assessment tools to find the flaws in this target machine, although the running of such security tools is allowed provided that your actions do not impair the performance or stability of the target machine. The challenge only requires the use of a web browser, some creativity, and possibly some research on the Internet. This target machine (target.securitytreasurehunt.com) is the only system in this environment you should explore and analyze for security flaws. Your analysis should not involve denial of service, nor should it interfere with others participating in the challenge.

The question engine machine, located at http://questionengine.securitytreasurehunt.com, poses a series of questions about the vulnerabilities on the target machine as well as general Information Security issues. This engine allows participants to judge how they are doing and lets the creators of the Web Vulnerability Assessment Security Treasure Hunt identify individuals with promising Information Security skills.

To begin using this environment, simply select the link on the left to the Question Engine system and register for an account. Once registered, participants can begin looking at the questions and analyzing the target machine to identify its vulnerabilities. There is no time limit on the quiz, and everything is open book, open Internet, and open to the public. Remember, each quiz question may have one or more answers.

Questions about the challenge should be directed to registration@securitytreasurehunt.com. However, please keep in mind that we will not give answers to the quiz itself.

Thank you, and enjoy the challenge!