[hcs-d] Stripe CTF

Carl Jackson carl at hcs.harvard.edu
Wed Aug 22 15:39:46 EDT 2012

If anyone is interested in Web security, Stripe just released their second Capture the Flag. The idea is that there are 9 sample web applications, each of which has a subtle vulnerability that allows you to gain access to a "flag" — a piece of data you shouldn't have access to.

If you've never seen a real SQL injection in action, never tried to write an XSS attack, or if you're just curious what other vulnerabilities web apps can have, you should check it out. I helped test-solve the levels, and by the end they get very tricky!



