Gamifying Developer Education with CTFs

Presented at NolaCon 2018, May 20, 2018, 10 a.m. (Unknown duration).

CTFs are a staple of the security world. Nearly every conference has one, and the number of available CTFs (as well as competitors) is constantly growing. However, CTFs are rarely put to use outside of the security community. A frequent cause of security issues is human error, and countless incidents in the real world could have been prevented by a deeper understanding of vulnerabilities. CVEs, OWASP top 10, and other such vulnerabilities may now come naturally to security professionals, but this understanding is often left in our domain. We ran a CTF for our employees for a week during security awareness month in order to give hands-on lessons in offensive security concepts. In this talk we'll go over the process, the challenges, the successes and failures, and how you can integrate a CTF into your security program.


Presenters:

  • Max Feldman
    Max works on the Vulnerability Discovery and Product Security teams at Slack, finding bugs before the bad guys do and developing security tools and automation to help
  • John Sonnenschein
    John works on the Vulnerability Discovery and Product Security teams at Slack, finding bugs before the bad guys do and developing security tools and automation to help

Links:

Tags:

Similar Presentations: