AppSec USA 2017 has ended
Back To Schedule
Thursday, September 21 • 3:30pm - 4:15pm
“Capture the Flag” for Developers: Upping your Training Game

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Getting developers to care about security is tough, but turning your developer training into a hands-on puzzle game with a Capture the Flag (CTF) event can create excitement while effectively accomplishing the real goal of the training. Permanently open their eyes to what goes wrong when security controls are left out and give them the attacker’s perspective to look critically at their code moving forward. Consider that students remember 20% of what they hear – and 90% of what they do. Hands-on training is radically more effective.


This presentation will discuss the pedagogical underpinnings to the technique (so management will approve it), and practical recommendations on implementing an event (so that the participants will have a good time). After several years of running events in a variety of contexts, I’ll share some success stories and admit to some failures that will help put you on the right path for your own event.


Topics will include:

• Designing your event infrastructure to minimize risk and satisfy IT policies.

• Preparing difficult, but solvable challenges.

• Managing players while encouraging them to break the rules.

avatar for Mark Hoopes

Mark Hoopes

Senior Application Security Engineer, Aspect Security
Mark Hoopes has been working in enterprise IT delivery for nearly 20 years in an assortment of roles including development, project management, and major incident management. He found his niche in application security and has been effectively on vacation ever since. Throughout his... Read More →

Thursday September 21, 2017 3:30pm - 4:15pm EDT
Coronado J