Capture the Flag 2.0

Greg Brockman Engineering

Today we're launching Capture the Flag: Web Edition, a security contest where you can try your hand at discovering and exploiting vulnerabilities in mock web applications. If you've ever wondered how a CSRF attack works in practice, this is your chance to find out. We've found that hands-on experience with exploiting security flaws helps us write more secure code, and we hope that working on the CTF will be both enlightening and fun.

To get started, simply create an account.You'll be set up with a series of levels; your goal for each level is to extract a password to unlock the next one. If you successfully complete all levels, we'll send you a special-edition Stripe Web CTF T-shirt, designed just for this contest. You can keep tabs on how you're doing relative to others on the Capture the Flag leaderboard.

If you're not sure where to start, the Open Web Application Security Project and Google Browser Security Handbook are great resources. You can also chat with fellow solvers in the CTF chatroom (also accessible in your favorite IRC client at irc://

If you have any questions, feel free to get in touch at Enjoy the challenge!

Like this post? Join our team.

Stripe builds financial tools and economic infrastructure for the internet.

Have any feedback or questions?

We’d love to hear from you.