Skip to main content
  1. Home
  2. Computing
  3. News

Facebook to boost web security with open-sourced Capture the Flag contests

By

facebook open sources capture the flag security ctfcom2p
Facebook
One of the reasons Facebook is a reasonably secure platform, despite being one of the most visited online destinations in the world, is because it has always encouraged the worldwide community of hackers and security experts to try and break it. Through its bug bounties and Capture the Flag (CTF) hacking competitions, it has encouraged everyone to take a crack at its systems and specific challenges.

But running that CTF virtual system is no small feat. It has taken years of tweaking for Facebook to get it right, and the initial set-up costs aren’t cheap, which is why the firm now open-sourcing the entire platform to the world. It hopes that by making CTF systems easier for others to implement, we’ll see a greater growth in digital security knowledge and more secure sites and services overall.

“Due to the high cost and technical requirements of building and running CTF environments, few publicly available resources exist for schools, students, and non-profit organizations to use,” Facebook said in a blog post. “Additionally, finding any security education resources at the middle and high school level is still a challenge. So, we built a free platform for everyone to use that takes care of the backend requirements of running a CTF, including the game map, team registration, and scoring.”

Facebook has been running CTF contests for a number of years now, helping the likes of everyone from college security students  to girl scouts take a stab at cracking security, and learning how to do so in the process. By making the platform available to all for free, it’s hoped that even more organizations with even more members will get a chance to try it out for themselves.

Facebook believes that its Capture the Flag competitions can teach far more than your average computer science program, mostly because it lets people try out ideas in the real world, rather than just discussing the theory of it. It’s also a program that emulates what a lot of security-focused job interviews are like, which could help prepare those particularly interested in the subject for their future careers.

CTFs also target the offensive end of security, which is so often not the case when learning about it. That makes it an invaluable learning resource for anyone interested in security, and now it should be far easier to set up a contest to make that a reality for more people than ever before.

If you’d like to learn about setting up a CTF competition yourself, all of the relevant files needed can be found on the Facebook GitHub page.

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more