While it's easy to read about web-based vulnerabilities like XSS and SQL injection, it's often difficult to find a hands-on environment to interact with and fully exploit these vulnerabilities. Given the number of security flaws found on the web every day, we've found it very useful to have practical experience with how attackers find and exploit vulnerabilities.
To address this need, we ran a Capture the Flag security challenge earlier this year. We were blown away by the response: people logged in from over 12,000 unique IP addresses, and 250 participants captured the flag.
Next week, we will be hosting our second Capture the Flag contest. Unlike the one we ran in February, which focused on low-level vulnerabilities such as buffer overflows, this CTF will be dedicated to web-based vulnerabilities and exploits. It'll be open to anyone who's interested in trying their hand at exploiting our levels. If you capture the flag, we'll send you a special-edition Stripe CTF t-shirt.
Check back here in a week to Capture the Flag!