AppSec USA
Your life is in the cloud.

Contact Us
About Us
Women in AppSec

September 21
U Challenge
OSS Showcase


September 22-23, 2011: An OWASP CTF and mplsCTFgames event

Looking for the University Challenge instead? Click here.


This OWASP AppSec USA 2011 CTF was put together by Steven van der Baan of the global OWASP CTF project, Spenser Reinhardt of mplsCTFgames, and Aaron Yaeger. All skill levels were welcome!

Congrats to The Dubliners, DisK0nn3cT, and sid for taking top honors in the OWASP AppSec USA 2011 CTF!

Whether you were an old hack or new enthusiast you should have joined us for the OWASP AppSec USA 2011 Capture the Flag event September 22-23, 2011 at the Minneapolis Convention Center (players had to register for the conference to play). The OWASP AppSec USA 2011 event was specially designed to support challengers of all skill levels. Players competed in multiple challenges, gaining points for each flag that they captured. One point per flag was granted as players picked and chose challenges across all areas of application security.

Players showed off their skills, learned some new tricks, and had a great time. All they needed was a laptop equipped with a wifi card and pre-installed with all of their favorite non-commercial tools. And the winners received gaming consoles, gift certificates, and more!

At the start of the event, each team was provided some basic rules regarding how to play nice in our little make believe network and a list of hints to get started chasing after those coveted flags. We were happy to have them all!

Pre-conference Challenge #3 - July 2011

Pre-conference challenge #3 - July 2011 - was solved in record time! The goal was to figure out the code and explain how you figured out the code. Congratulations to tomconner46 for being first to solve it! Honorable mention to: Dan Amodio, jstrassburg, @audiopocalypse, Johnny Y, dvvord, {}, weston.pace, @zhroom_42, woodzy, Michael, Roger Seagle, Jimmy, Chris Hartley, @planetlevel (apsectsecurity.com), Rizki Wicaksono (@rizki81), ##########, Jean-Michel Besnard, Timo Hirvonen (@TimoHirvonen), silvermaster, Aaron Weaver, and matonis (mike-matonis.com).

If you want to try it out for yourself, download this ZIP file. Here's a thoughtful solution to the challenge from matonis (mike-matonis.com).

Thank you to OWASP AppSec USA 2011 CTF organizer Aaron Yaeger for building this challenge.

Pre-conference Challenge #2 - June 2011

Congratulations to @DisK0nn3cT and @lobobastich for winning this pre-conference challenge! And raise your glass to Reinhart (different person than OWASP AppSec USA 2011 CTF organizer Spenser Reinhardt) for rooting the box and being so kind as to quietly disclose the need for a fix!

There's a great writeup on the June 2011 challenge and solution. Here were the hints to the challenge, What's the code?


  • HINT 0 (in the form itself!): Better attempt some engineering, so if excess time yields fifty or under rotations, please resist elaborate, fancy explanations. Really, really eliminate doubt.
  • HINT 1 (added 14-June-2011): You really want a code that will get you into the conference.
  • HINT 2 (added 22-June-2011): To go in the right direction, think about what person usually handles an invoice.
  • HINT 3 (added 29-June-2011): Have you really seen your invoice lately?
  • FINAL HINT (added to Steven's site shortly before being solved): MY invoice will get you there, not YOURS!

Much thanks to Steven van der Baan, OWASP CTF Project Lead, for putting this challenge together!

Pre-conference Challenge #1 - May 2011

Congratulations to ChrisKarel for winning the first pre-conference challenge! Honorable mention also goes to stype, kerem, Frodo, and YoriKv.

Answers are here.

Thank you to Spenser Reinhardt of mplsCTFgames for assembling this challenge.

Talks Icon


Sponsors Icon


Training Icon


Capture the Flag Icon


Promotional Consideration Provided By

Corporate Donors

Trustwave   Security Innovation

IBM   NetSPI   Veracode

Qualys   Fortify, an HP Company

Cigital   Accuvant   Core Security

Radware   Imperva   WhiteHat Security

Barracuda Networks   Rapid7   Aspect Security

Fishnet Security   Intrepidus Group   NT OBJECTives

Additional Sponsors

Media Partners
TECHdotMN   The 451 Group

(ISC)2   InfoSecurity