The last flag has been captured, and the final tallies are in. Over 16,000 people from around the world participated in Capture the Flag 2.0 during its week-long run, and it's been a blast exploring web application security with all of you.
This time we knew we had to prepare for high demand, so we worked to build more powerful infrastructure, bringing in our expertise from making Stripe itself scalable, reliable, and fast. There are some interesting challenges in building applications geared for thousands of people to simultaneously break in, and Greg wrote about the details of our architecture on his personal blog.
In case you didn't get a chance to try them all, I've published the source code to each of the levels and the slides from our talk at the meetup. Many great walkthroughs have been posted online, including a number from individuals and two from the security firms IOActive and Trustwave.
Average Time per Level
We wanted to make the challenges accessible to both seasoned security veterans and relative newcomers, so we tried to order them by increasing difficulty. Judging by the steadily climbing amount of time people spent on each level, it looks like we did all right. By all accounts, everyone had a lot of fun, and we hope you found it more enlightening than frustrating.