Today we're launching Capture the Flag: Web Edition, a security contest where you can try your hand at discovering and exploiting vulnerabilities in mock web applications. If you've ever wondered how a CSRF attack works in practice, this is your chance to find out. We've found that hands-on experience with exploiting security flaws helps us write more secure code, and we hope that working on the CTF will be both enlightening and fun.
To get started, simply create an account at Stripe CTF. You'll be set up with a series of levels; your goal for each level is to extract a password to unlock the next one. If you successfully complete all levels, we'll send you a special-edition Stripe Web CTF T-shirt, designed just for this contest. You can keep tabs on how you're doing relative to others on the Capture the Flag leaderboard.
⁕ ⁕ ⁕
If you're not sure where to start, the Open Web Application Security Project and Google Browser Security Handbook are great resources. You can also chat with fellow solvers in the CTF chatroom (also accessible in your favorite IRC client at irc://irc.stripe.com:+6697/ctf).
If you have any questions, feel free to get in touch at firstname.lastname@example.org. Enjoy the challenge!