Stripe Capture the Flag: Solutions
Stripe is a web payments company whose engineering team get web security. They launched a hacking contest. Joseph Tartaro of IOActive has kindly compiled this writeup of the solutions.
It is a must-read for anyone interested in web security. Wait, scratch that — for anyone who even touches web application code.
In February, the engineering team at Stripe (easy, secure web payments) created the first Stripe Capture the Flag, a "security wargame" intended to test your ability to find exploits in vulnerable code. This event was largely based on an understanding of Unix systems and C exploits, with one PHP exploit thrown in.
The original event was a huge success, with attention from Hacker News as well as Reddit (of course).
A few days ago the team released Stripe CTF 2.0, which they are calling "Web Edition". They stepped up the support systems for this one, with logins, a leaderboard, and public code on GitHub. But what's even better is the type of exploits that are covered:
So dig in! It will give you The Fear. That's a good thing. Just try not to let it keep you up at night — too much.