Capture the Flag for Developers - AppSecUSA 2017



“Capture the Flag” for Developers: Upping your Training Game

Getting developers to care about security is tough, but turning your developer training into a hands-on puzzle game with a Capture the Flag (CTF) event can create excitement while effectively accomplishing the real goal of the training. Permanently open their eyes to what goes wrong when security controls are left out and give them the attacker’s perspective to look critically at their code moving forward. Consider that students remember 20% of what they hear – and 90% of what they do. Hands-on training is radically more effective.

This presentation will discuss the pedagogical underpinnings of the technique (so management will approve it), and practical recommendations on implementing an event (so that the participants will have a good time). After several years of running events in a variety of contexts, I’ll share some success stories and admit to some failures that will help put you on the right path for your own event.

Topics will include:

• Designing your event infrastructure to minimize risk and satisfy IT policies.

• Preparing difficult but solvable challenges.

• Managing players while encouraging them to break the rules.

Mark Hoopes
Senior Application Security Engineer, Aspect Security
Mark Hoopes has been working in enterprise IT delivery for nearly 20 years in an assortment of roles including development, project management, and major incident management. He found his niche in application security and has been effectively on vacation ever since.


Managed by the official OWASP Media Project

Reviewed by Unknown on February 01, 2018