CSA
Participants: enter the $500 random
drawing with your email address  

Hackathon winning count down:

Your chance to WIN $10,000 between Sept 18 and Oct 16, 2014

How to Win?
The first participant to successfully capture the target information on the protected server will receive $10,000 in cash.

When to start?
Thursday, September 18, 2014 at 9AM PST

Rules? None

Who should participate?
Determined hackers: we want you! Use CSA's Twitter feed to monitor event progress and ask questions from anywhere in the world, anytime.

 

Getting Started

Attack Anonymously - Click the "Basic Scan" button to do a basic scan of the SDP Gateways and Protected servers, and then use some of the tools provided here for more sophisticated attacks. Of course, you can also use any of your favorite tools to attack the target server or any of the other associated servers.

Skilled Adversary - A skilled adversary would obtain the SDP Client software demonstrated in the video and try to hack it. Click here to download the installer, but note that installer will not have the cryptographic artifacts to connect to the target SDP.

Package Capture Information

 

Architecture

Schematic

Background

Software Defined Perimeter (SDP) is a new security concept being standardized by the Cloud Security Alliance (CSA). SDP combines time proven security concepts (such as need-to-know access) with new technologies (like Mutual TLS with DHE) into an integrated package.

This new approach to security mitigates network-based attacks by dynamically creating perimeter networks anywhere in the world—including in a cloud, on the DMZ, and in the data center.

SDP is designed for a wide range of applications from protecting Internet-facing web sites to enabling secure hybrid cloud networking. For the purpose of this Hackathon, an SDP will be used to protect a high value file server against an insider attack.

Participants in the CSA's SDP Hackathon will play the role of the inside attacker. Being an insider, participants will be provided with the IP addresses of the Target server as well as the SDP components protecting it.

Resources

SDP Whitepaper SCA Congress 2014

What are you waiting for?