Safe games

Information security is a serious and complex topic. Maybe that is why it is more effective to teach it playfully, with simple techniques?





Hi, my name is Alexey Babenko, and in the Mir Plat.Form team I am responsible for security testing of the software products we develop. Our systems are payment services used by tens of millions of customers. In addition to stability and reliability, one of the main characteristics for us is security.





I will share our experience of running information security games within the company, but before starting, I will say a little about why we came to this at all.





Ensuring the security of systems is a process that spans many stages: from the moment the software is created, to the security of the components the software runs on, to the reliability of the processes and employees involved in its operation.





My area of responsibility is application-level security. And when it comes to product security, the first thing that comes to mind is testing: detect bugs reliably before rolling out to production and there will be no problems. Unfortunately, reality makes its own adjustments. The later we identify flaws in the software, the more difficult they are to fix, and this affects how quickly a release can be rolled out to production.





Therefore, our task is not only to identify shortcomings during testing, but also to make them appear less often in the products we create. Thus, one direction of our product security work is training and building a culture of secure development in product teams.





Let's play

— + , , . — , , .  task-based CTF.





 CTF  , 2- :





  •  CTF, , .





  • task-based CTF, , .





 CTF  , , , . , .  task-based .










: " ?"  CTF  : 
























StarMir

C  — , .  — —  : « »!  , .  «StarWars»  «StarMir».





Tasks by category

 «» — , - .  CTF : 





Web





 html  js ,  SSRF  RaceCondition. 





Crypto&stegano





 c  . , , .





Network










Forensic










Reverse










Trivia




















Distribution of tasks by the number of solved during the game






, — -  Plat.Form, , ,   , ,      . 















 StarMir  . . , , , .





Bonus question in the messenger chat
















Ranking Top 10 participants during the game






  —20 .  Lego StarWars, , .

















