Golfing with Dragons: Building Secure Environments for CTFs
May 2023 • Presentation
Jared Stroud (MITRE), Dan Szafran (MITRE)
This session was presented by Jared Stroud and Dan Szafran of MITRE at DevSecOps Days Pittsburgh, held virtually May 11, 2023.
Software Engineering Institute
Capture-the-flag events remain one of the most popular ways to learn new skills in the information security field, but how do you securely deploy and monitor a competition that is designed to be hacked?
This talk will demonstrate how running CTF events are an exercise in applied DevSecOps practices. From threat modeling the attack surface to building hardened containers and monitoring resource utilization, we will cover how to approach running competitions that are meant to be hacked while maintaining the security of your core infrastructure and ensuring competitors enjoy the competition.