Hello World
Security Acronyms
OWASP Top 10
MAN Pages
OWASP Projects
100

What is Ruby?

100

XSS

What is 'Cross Site Scripting'?

100

Ranked #1 in 2017, this occurs when "untrusted data is sent to an interpreter as part of a command or query"

What is Injection?

100

"Concatenate files and print on the standard output"

What is 'cat'?

100

It is a set of generic attack detection rules for use with web application firewalls. It aims to protect web applications from a wide range of attacks, including the OWASP Top 10, with a minimum of false alerts.

What is 'OWASP ModSecurity Core Rule Set (CRS)'?

200

What is C?

200

CSRF

What is 'Cross Site Request Forgery'?

200

A staple in the Top 10 for years, this occurs when an "application includes untrusted data in a new web page without proper validation or escaping"

What is Cross Site Scripting?

200

"Send ICMP ECHO_REQUEST to network hosts"

What is 'ping'?

200

This project provides a comprehensive guide and reference implementation offering prescriptive guidance on implementing intrusion detection and automated response in applications

What is 'OWASP AppSensor Project'?

300

What is Scala?

300

DoS

What is 'Denial of Service'?

300

This attack, which finally fell out of the top 10 in 2017, "forces a logged-on victim's browser to send a forged HTTP request" the application thinks is legitimate

What is Cross Site Request Forgery?

300

"Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships"

What is 'netstat'?

300

An open source vulnerability management tool written in Python that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.

What is 'OWASP DefectDojo Project'?

400

What is Objective-C?

400

RCE

What is 'Remote Code Execution'?

400

A new addition in 2017, this vulnerability deals with the way objects in certain languages (e.g. Java) are stored and transmitted over a network.

What is Insecure Deserialization?

400

"Transfer a URL"

What is curl?

400

A document written by developers for developers, providing a list of security techniques that should be included in every software development project, ordered by importance.

What is 'OWASP Proactive Controls'?

500

What is Erlang?

500

XXE

What is 'XML eXternal Entity'?

500

Another new addition in 2017, this attack is demonstrated here:

<!DOCTYPE foo [
<!ENTITY pwn SYSTEM "file:///etc/passwd"> ]>
<foo>&pwn;</foo>

What is XML External Entities?

500

"Pattern scanning and process language"

What is 'awk'?

500

An intentionally insecure web app for security training, written entirely in Node.js, Express, and AngularJS, that encompasses the entire OWASP Top Ten and other severe security flaws.

What is 'OWASP Juice Shop Project'?
