Skip to content
Go to file
This branch is 84 commits ahead of danielwaterworth:master.

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

ISU NCDC 2014 WebApp

Coverity Scan Build Status

This is the web app for the Spring 2014 ISU National Cyber Defense Competition. It is designed to be intentionally insecure and should not be used in any production system.


A non-exhaustive set of spoilers can be found in the NCDC 2014 Web Debrief.pdf.

Some additional spoilers were made public to both the Red and Blue teams simultaneously during the competition to present a incident-response opportunity. The Software Security Audit anomaly and other competition anomalies can be found in the ISU_Spring_2014_NCDC_Anomalies repository.


  • Developed and tested on Ubuntu 12.04 LTS
  • sudo apt-get update
  • sudo apt-get install cmake
  • sudo apt-get install gcc
  • sudo apt-get install build-essential
  • sudo apt-get install libfcgi-dev
  • sudo apt-get install libunwind7-dev
  • sudo apt-get install liburiparser-dev
  • sudo apt-get install mysql-server
  • sudo apt-get install libmysqlclient-dev
  • sudo apt-get install lighttpd
  • (Note: Ubuntu repo install for cgilib appears to be broken)
  •     wget
  •     tar -xvf cgilib-0.7.tar.gz
  •     cd cgilib-0.7
  •     ./configure
  •     make
  •     sudo make install


  • sudo ln -s /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/10-fastcgi.conf


Recommended IDE is Eclipse for C/C++

Requires Java JRE:

  • sudo apt-get install openjdk-7-jre

To generate Eclipse project files run:

  • cd NCDC2014
  • mkdir -p build
  • cd build
  • cmake -G"Eclipse CDT4 - Unix Makefiles" -D CMAKE_BUILD_TYPE=Debug ../
  • Inside Eclipse, File->Import->General->Existing Projects into Workspace


Framework Background

This project is built on Raphters, a web framework for C based on the rapht architectural pattern (see RAPHT).

Q: Why would you want to build a web application in C? Didn't that idea die out with CGI?

A: Good question. C is fast and fun, when you use well-tested code it can be secure too. It also has a low memory foot-print. The aim of the project is that all of the usual functionality that you have in other frameworks (cookie handling, session management, templating etc) will be implemented via loosly coupled components with clean APIs.


This project uses some works from the Noun Project that require attributions.

  • Shield designed by Nate Eul from the Noun Project
  • Conversation designed by Gregory Radek from the Noun Project
  • Network designed by iconoci from the Noun Project
  • Virus designed by Anu Prasadh Raja from the Noun Project
  • Meeting designed by Slava Strizh from the Noun Project
  • Cloud designed by Jan-Christoph Borchardt from the Noun Project

The project also makes use of Twitter Bootstrap


An insecure web app for the ISU Spring 2014 National Cyber Defense Competition



You can’t perform that action at this time.