Gamifying Developer Education with CTFs
John Sonnenschein, Max Feldman at AppSec EU 2018
CTFs are a staple of the security world. Nearly every conference has one, and the number of available CTFs (as well as competitors) is constantly growing. However, CTFs are rarely put to use outside of the security community. A frequent cause of security issues is human error, and countless incidents in the real world could have been prevented by a deeper understanding of vulnerabilities. CVEs, OWASP top 10, and other such vulnerabilities may now come naturally to security professionals, but this understanding is often left in our domain. We ran a CTF for our employees for a week during security awareness month in order to give hands-on lessons in offensive security concepts. In this talk we’ll go over the process, the challenges, the successes and failures, and how you can integrate a CTF into your security program.