OWASP Top Ten Projects

Fall 2025 -- Sam Bowne

Enter Flags · Scoreboard · Details

Basics

LJ 101-807: Linux Journey (83 extra)
W 101: Linux command line (20 pts + 15 extra)
ED 102: Command Injection (20 pts + 40 extra)
ED 103: SQLI Challenges (30 pts + 155 pts extra)
W 600: Burp & Web Security Academy (20 pts)

AP 100: Finding API Endpoints (20 pts extra)
AP 101: Using Postman with Burp (20 pts extra)
AP 102: Cracking a Java Web Token Signature (20 pts extra)
AP 103: Fuzzing with Postman (20 pts extra)
AP 104: Broken Object-Level Access (BOLA) (10 pts extra)
AP 105: Broken Function-Level Access (BFLA) (10 pts extra)
AP 106: NoSQL Injection (10 pts extra)
AP 110: Installing crAPI (15 pts extra)

AP 120: Vulnerable API (20 pts extra)
AP 121: Using OWASP ZAP to Scan Vulnerable API (25 pts extra)

AP 130: c{api}tal (75 pts extra)

Windows and Linux Machines

IR 100: Windows and Linux Machines20

Velociraptor

IR 371: Velociraptor Server on Linux  20 + 5 extra
IR 372: Investigating a PUP with Velociraptor  25 + 15 extra
IR 373: Investigating a Bot with Velociraptor  50 extra
IR 374: Investigating a Two-Stage RAT with Velociraptor  35 extra
IR 370: Installing Velociraptor on Windows  30 extra

Posted 9-10-25