In a move aimed towards encouraging students and developers of cyber security and related disciples, Facebook has open-sourced its Capture the Flag (CTF) platform. The move will let interested people learn more about bugs as well as the nuances of virtual security and host their own instances of Capture the flag.
In case you are unaware of it, Capture the flag refers to a very particular type of competition used in the computer security to highlight the different types of attacks and exploits that can be found in the real world. As is obvious, bringing such problems to the table allows budding programmers try their hand at handling these issues, ensuring that they are not surprised when they come across them later.
CTFs also provides a good opportunity to connect with like minded people working in the same niche and learning from them. Facebook already has a well developed Capture the flag platform that is uses to organize its own CTF events across the world. Some of the places where its platform has been deployed includes SOURCE Dublin, BruCON, Stanford University etc.
The tournaments have also helped a lot of talented programmers find their ground and establish themselves in the field. Since the tournaments are quite a lot about getting around security parameters and how improper implementation can lead to broken security, learning about these flaws and loopholes also helps make you a better defender.
The tournaments are usually classified into two parts or levels, namely Bases and Flags.
- You can only score once as a team
- A team scores when they solve a puzzle, which results in a SHA1 key
- Puzzles include topics like reverse engineering, network forensic challenges, or cryptography
- Teams receive an initial set of points when they compromise a given system
- Once fully compromised, the team continues to receive points until control is taken away from them by another team.
The company is now releasing its platform on Github, in a bid to make it more widely and easily available. The platform which is available on the website can be downloaded and used to host capture the flag competitions. The Github page also includes demo levels, databases, servers and instructions to set you up with your own hosted competition.
Well, open-sourcing a technology it has worked hard to develop is definitely very noble of Facebook — and of any corporation who does the same. Fortunately, realizing the benefits of open-sourcing — both to themselves and to the technology in general — corporations have been open sourcing stuff left and right of late. Facebook for example, has over 200 projects on Github. Other avid contributors include Google, Microsoft, Apple, Yahoo etc.