One of the reasons Facebook is a reasonably secure platform, despite being one of the most visited online destinations in the world, is because it has always encouraged the worldwide community of hackers and security experts to try and break it. Through its bug bounties and Capture the Flag (CTF) hacking competitions, it has encouraged everyone to take a crack at its systems and specific challenges.
But running that CTF virtual system is no small feat. It has taken years of tweaking for Facebook to get it right, and the initial set-up costs aren’t cheap, which is why the firm now open-sourcing the entire platform to the world. It hopes that by making CTF systems easier for others to implement, we’ll see a greater growth in digital security knowledge and more secure sites and services overall.
“Due to the high cost and technical requirements of building and running CTF environments, few publicly available resources exist for schools, students, and non-profit organizations to use,” Facebook said in a blog post. “Additionally, finding any security education resources at the middle and high school level is still a challenge. So, we built a free platform for everyone to use that takes care of the backend requirements of running a CTF, including the game map, team registration, and scoring.”
Facebook has been running CTF contests for a number of years now, helping the likes of everyone from college security students to girl scouts take a stab at cracking security, and learning how to do so in the process. By making the platform available to all for free, it’s hoped that even more organizations with even more members will get a chance to try it out for themselves.
Facebook believes that its Capture the Flag competitions can teach far more than your average computer science program, mostly because it lets people try out ideas in the real world, rather than just discussing the theory of it. It’s also a program that emulates what a lot of security-focused job interviews are like, which could help prepare those particularly interested in the subject for their future careers.
CTFs also target the offensive end of security, which is so often not the case when learning about it. That makes it an invaluable learning resource for anyone interested in security, and now it should be far easier to set up a contest to make that a reality for more people than ever before.
If you’d like to learn about setting up a CTF competition yourself, all of the relevant files needed can be found on the Facebook GitHub page.