CTF(CAPTURE THE FLAG) & PENTESTING WEBSITES TO PRACTICE YOUR häçkING & CYBERSECURITY SKILLS IN 2021
CTF competitions: what are they?
Capture-the-Flag events are computer security competitions. Participants compete in security-themed challenges for the purpose of obtaining the highest score. Competitors are expected to “capture flags” to increase their score, hence the name of the event. Flags are usually random strings embedded in the challenges.CTFs have increased in popularity as they attract a higher number of young talents each year. They help develop the essential skills required to follow a career path in cybersecurity.
These competitions can take many forms but the most common are Jeopardy and Attack-Defence. The report specifically focuses on these two types of CTF. An explanation and analysis is developed for each of them on the format, scoring, discussion and variants.
Findings: what kind of analysis and methodology was used?
The themes used to qualitatively analyse CTF events were chosen with the objective to provide readers with sufficient information about all aspects of organising a CTF event. This analysis, therefore, explores the following elements of the competition in details:
What are the main recommendations
Recommendations are provided in relation to the themes and areas explored. Formats for instance should be chosen according to the audience the competition is designed for. The accessibility and lower deployment costs of the Jeopardy format make it more suitable for non-professional participants. The Attack-Defence however, being more similar to wargame formats, is better suited to professional training exercises.
The report includes recommendations covering the following areas:
- Team requirements;
- Team sizes;
- Scoring and rules;
- Parallel competitions;
- Challenge formats;
- Communication and media;
- Post-event.
The report on CTF Events will be of particular interest to all individuals and organisations who are involved in the design of CTF competitions. It will also help participants and organisations who intend to promote such events to find valuable information on how such events are structured and made functional.
Upcoming event
ENISA will be organising the first International Cybersecurity Challenge. Security Union Vice-President Margaritis Schinas announced the preselection of players for Team EU on the occasion of his visit to ENISA on 6th May.
Background
The European Cybersecurity Challenge (ECSC) is an annual exercise, coordinated by the European Union Agency for cybersecurity. The event offers a platform for young cyber talents across Europe to gather and engage in networking over a unique opportunity to experience cooperation in trying to resolve a cybersecurity problem.
The ECSC is intended to encourage young people to pursue a career in cybersecurity, by challenging and developing the participants’ skills needed in such extreme situations and connecting them with industry.
Supported by the European Commission and EU Member States, the ECSC falls within the skills chapter of the EU Cyber Security Strategy for the Digital Decade and the NIS Directive.
Further information
ENISA press release – Vice-President Schinas announces Team EU for the first Cyber World Cup
ENISA topic – European Cybersecurity Challenge (ECSC)
ECSC website - European Cybersecurity Challenge
ENISA report - Cybersecurity Skills Development in the EU
50 ETHICAL WEBSITES TO PERFORM YOUR SKILLS. FROM BEGINNER TO ADVANCED!
LINK SOURCE
