Content
Participants explore software security hands-on with the goal to develop and host an international information security contest (¨Attack/Defense CTF”): contesting teams from all over the world receive virtual machines built during the project. The machines run participants’ services, containing secret tokens ("flags") that other teams have to collect over the wire using exploits as part of the game. To build the contest, participants will dive deep into the security of a platform and language of their choice and create a software project with well-hidden software vulnerabilities in this language. Furthermore, a game server will be developed as a team, including scripts to check the health of services for each contestant. As part of the development and hosting, participants will develop and extend the infrastructure required to host the competition, strengthen their skills in penetration testing and exploitation, and build upon other technical and non-technical abilities, depending on their role in the project. Such skills may include networking, continuous integration, agile development, project management and public relations. Furthermore, students develop and extend the infrastructure, required for the competition. The course gives participants the freedom to explore tools of their choice, build software and find creative ways to corrupt it, with the work done both independently and in small teams.