OWASP University Challenge

Thank you for visiting OWASP.org. We recently migrated our community to a new web platform and regretably the content for this page needed to be programmatically ported from its previous wiki page. There’s still some work to be done. The historical content can be found here.

Please visit our Page Migration Guide for more information about updating pages for the new website as well as examples of github markdown.


![OWASP_Project_Header.jpg](OWASP_Project_Header.jpg "OWASP_Project_Header.jpg")

The University Challenge is a competition among teams comprised of university students that will be held during the training days of the larger OWASP AppSec conferences (AppSec US, AppSec EU, …).

  • There is no admission fee for the University Challenge – participation in the conference is possible for free.
  • During the University Challenge teams will solve mission style security challenges using the Hacking-Lab framework.
  • The OWASP University Challenge could be limited to 8 teams, depending on available space and budget. Teams will consist of 4-8 students, with one team per university.
  • All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list.
  • All team members must be registered. Registration for the University Challenge event is free.
  • Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt. Of course, the first three winning teams will get some small prizes (to be announced).


The OWASP University Challenge is a one or two day mission style security challenge event during the AppSec conferences training days! University / Student teams can compete solving hack challenges and defending insecure applications.

Attack-Defense System

Attack-Defense.pngThe challenges are even more dynamic and realistic now. Instead of just solving different security challenges, teams carry out a virtual online battle against each other in an attack-defense based competition, also known as CTF system. If you are interested to learn more about the CTF system, you will find here more information: CTF System


OWASP Student Chapters Program


News and Events

In Print


What is the OWASP UC?



The AppSec conference should take care of:

The AppSec conference should take care of:

    • Venue / rooms during the conference training days
    • Venue / rooms during the conference training days
    • Feed the students
    • Feed the students
    • Local pr / announcements at local Universities
    • Local pr / announcements at local Universities



Project Leader

Project Leader

Ivan Buetler

Ivan Buetler

Mateo Martinez

Mateo Martinez

OWASP Student Chapters Program

Set Up

Conference Organisation:

  • Announcement
  • Room / Space for the University Challenge
    • Internet connection
    • Video projector (scoring/ranking)
    • Power and extensions
  • Outreach to the local Universities
  • Sponsor for winner prizes
  • Winner announcement during the main track / (before) end of the conference


During the two training days

  • challenges will be organized together with Hacking-Lab
  • Hardware (challenge server) come from Hacking-Lab
  • Hardware (wilreless routers) come form the Education Committee


  • Travel and lodging has to be organized and covered by the student teams themselves, the conference should feed the students
  • Travel and lodging of the University Challenge project leader (running the challenge) is covered by the conference
  • It is recommended to give the University Challenge teams free entrance to the conference


We could need the conference organization team to help finding sponsors for the prices.

University Challenge Events

Previous events:

Ticket winning” pre-conference challenges:

-> option for conference to offer free tickets via solving Hacking-Lab challenges -> qualifying for UC? -> Team qualifying


   Q1: When typically has the event run at AppSec, during the training days or during conference proper?    A1: The UC is normally hosted during the training days

   Q2: What size of room or seating capacity has typically been used?    A2: Depending to the PR and number of teams (teams have a max of 8 members)

   Q3: What prizes are usually awarded?    A3: depends, if the conference manages to find sponsors there are prices. At the AppSec-Eu 2013, there where no prices, only the honor of winning

   Q4: Do the teams  have free conference access?    A4: No, the teams have to organize travel and lodging themself. all we do is hosting the UC and feed them.    There are no entrance / attendance fees charged previously    The attendees usually get free access to the conference (because they travel from foreign countries too) 



The University Challenge is run by the OWASP/Hacking-Lab project. Real knowledge derives from hands-on experience.

About Hacking-Lab

Hacking-Lab.pngHacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the OWASP University Challenges and for the European Cyber Security Challenge. The Hacking-Lab also provides free OWASP TOP 10 online security labs. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense.

Learn more about:

Road Map and Getting Involved

  • University Challenge 2017 @ AppSec EU in Belfast (Martin Knobloch)

Project About


Category:OWASP Project Category:OWASP_Builders Category:OWASP_Defenders Category:OWASP_Document


Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.