Gamifying Developer Education with CTFs

Presented at NolaCon 2018, May 20, 2018, 10 a.m. (Unknown duration)

CTFs are a staple of the security world. Nearly every conference has one, and the number of available CTFs (as well as competitors) is constantly growing. However, CTFs are rarely put to use outside of the security community. A frequent cause of security issues is human error, and countless incidents in the real world could have been prevented by a deeper understanding of vulnerabilities. CVEs, OWASP top 10, and other such vulnerabilities may now come naturally to security professionals, but this understanding is often left in our domain. We ran a CTF for our employees for a week during security awareness month in order to give hands-on lessons in offensive security concepts. In this talk we'll go over the process, the challenges, the successes and failures, and how you can integrate a CTF into your security program.

Presenters:

• John Sonnenschein
  John works on the Vulnerability Discovery and Product Security teams at Slack, finding bugs before the bad guys do and developing security tools and automation to help
• Max Feldman
  Max works on the Vulnerability Discovery and Product Security teams at Slack, finding bugs before the bad guys do and developing security tools and automation to help

Links:

• https://nolacon.com/talk/gamifying-developer-education-with-ctfs
• https://infocon.org/cons/NolaCon/NolaCon 2018/Gamifying Developer Education with CTFs John Sonnenschein Max Feldman.mp4
• https://infocon.org/cons/NolaCon/NolaCon 2018/Gamifying Developer Education with CTFs John Sonnenschein Max Feldman.eng.srt (subtitles)

Tags:

• CTF

Similar Presentations:

• DEF CON 30 (2022) / CTF 101: Breaking into CTFs (or “The Petting Zoo” - Breaking into CTFs) Workshop
• Wild West Hackin' Fest 2018 / OSCP, how easy to BoF, CTFs, more
• CarolinaCon 13 (2017) / CTFs - Not Just for Halo