
AppSec USA Planning: CTF Development

Code, hack, learn, plan, hang out.


"Isn't there anyone out there who can tell me what CTF is all about?"

Sure, devoted OWASPer, I can tell you what CTF is all about.

In preparation for AppSec USA 2014 (hosted in Denver next September), BOWASP is creating a competition of security-related challenges. One such challenge might involve a web application designed with insecure Apache settings. Another challenge might require competitors to find and exploit a SQL injection vulnerability to reveal a flag. For each flag found, players receive points. Point values vary based on challenge difficulty. The player with the most points at the end of the competition wins.

BOWASP's CTF takes a somewhat unique approach of integrating challenges organically into an overarching story. Challenges serve to develop and progress the plot, the characters, and other story elements. The purpose is to create a more engaging experience.

"I haven't been to any CTF meetings. Can I help?"

Yes! We have a lot of work left in the areas of plot writing, FreeBSD administration, challenge development, documentation, and network administration. Key skills sought include:
• Application development (many challenges are language-agnostic, but there is a slant toward web applications)
• Web design (look-and-feel, etc.)
• Graphic design
• Database administration
• System administration
• Network administration
• Creative writing
• Et cetera

"I'm not a developer / hacker / whatever. Are you sure you want my help?"

By far the most important qualities to contribute to this project are time and enthusiasm. If you feel comfortable learning new technologies and believe you would be able to cobble something together, then we absolutely want your help. The beauty of developing a CTF is that writing poor, insecure code is actually desirable.

Through the end of the year we will work on refining the story and the infrastructure components. The infrastructure consists of two primary entities: the scoreboard and the competitor VM. The VM is a self-contained environment in which all of the challenges reside. FreeBSD expertise is welcome, particularly surrounding the concept of jails. In January our development efforts will shift from infrastructure to writing and integrating challenges.

"This sounds like work. What's in it for me?"

Free food and drinks, a fun project to work on, a good group of folks to spend time with, a no-pressure environment to learn about security, and AppSec USA 2014 incentives for steady contributors.


  • Chris C.

    Webex details for tonight's meeting:

    Starting date: Wednesday, December 11, 2013
    Starting time: 6:00 pm, Mountain Standard Time (Denver, GMT-07:00)
    Meeting number: [masked]
    Audio conference: To receive a call back, provide your phone number when you join the meeting, or call the number below and enter the access code.
    Call-in toll number (US/Canada):[masked]
    Call-in toll-free number (US/Canada):[masked]
    Access code:[masked]

    December 11, 2013

  • James S.

    Haven't been to a meetup yet, but this sounds like so much fun. Looking forward to it.

    December 9, 2013

  • A former member

    Not gonna be there in person but I'll be phoning in

    December 8, 2013

7 went
