Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Guidelines to Contribute with Crackmes #2303

Merged
merged 3 commits into from
Oct 30, 2022
Merged

Add Guidelines to Contribute with Crackmes #2303

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1613b8f
add add a crackme
cpholguera Oct 28, 2022
07e4e69
Merge branch 'master' of https://github.com/OWASP/owasp-mstg into add…
cpholguera Oct 29, 2022
4c98d4a
fix typo
cpholguera Oct 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions docs/contributing/6_Add_a_Crackme.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Add a Crackme

The MAS project is a powerful learning resource and the MAS Crackmes are no exception. They allow the MAS community not only to practice the MAS skills they've learned from the MASTG but also let them confirm their approaches to the used techniques, especially when performing reverse engineering.

## Who Can Contribute with a Crackme?

Anyone from individuals to companies. You only hace to read and accepts the Terms and Conditions listed below.
cpholguera marked this conversation as resolved.
Show resolved Hide resolved

**Before submitting a crackme**, first of all contact the MAS team here: <https://mas.owasp.org/contact/>

## Terms and Conditions

If you want to contribute to the MAS crackmes please consider that:

☑️ The source code of the crackme apps must be made publicly available at <https://github.com/OWASP/mas-crackmes>.

☑️ The crackme apps must be reviewed and approved by the MAS project leaders. Some form of documentation and solution writeup/video must be provided for the review process. That must include a list of "features" including techniques used (e.g. obfuscation, whitebox crypto, inline assembly, etc.)

☑️ The crackme apps must not contain any company branding or advertising material (ads, company URL, etc.).

☑️ The crackme apps must align with the MASVS and MASTG in some way.

☑️ The crackme authors are fully responsible for the maintenance of the crackme in the case bugfixes or updates are needed and the MAS team is not able to perform those actions.

## Publishing and Acknowledgements

When successfully adding a crackme, its authors will be credited in the corresponding crackme page in the project website at <https://mas.owasp.org/crackmes> and an announcement will be made via the official MAS social media channels.

## OWASP Openness and Licencing Guidelines

The OWASP projects have a strong foundation in openness and this includes all material related to the projects.

> OWASP Projects must be open in all facets, including source material, contributors, organizational structure, and finances (if any). Project source code (if applicable) must be made openly available, project communication channels (e.g. mailing lists, forums) should be open and free from censorship, and all project materials must be licensed under a community friendly license as approved by the Free Software Foundation ([Appendix 8.2](https://owasp.org/www-pdf-archive/PROJECT_LEADER-HANDBOOK_2014.pdf)).

Please refer to the OWASP Project Leader Handbook that we as project leaders need to comply with: https://owasp.org/www-pdf-archive/PROJECT_LEADER-HANDBOOK_2014.pdf