November 26, 2013
This article is for open source developers as well as for web developers, devops and system administrators. It explain the advantages of using CTF365 as a web security testing platform for open source projects.
CTF365 concept was inspired by The Internet, guided by CTF competitions and crafted for ITC industry to learn, train and improve web security. Our goal is to build a platform where all users and teams can train and learn defensive security as well as offensive security. Moreover, because of its flexibility, CTF365 can be used as a web testing platform for security issues when open source projects are in scope.
Basically we start to build our internet replica by mimic the real world and, beside that users will improve their security skills and open source software/products our CTF365 Internet world will be full of fun making all tasks and spending time, more enjoyable. Bellow you have an example about what services and how CTF365 Internet will look like.
All these services and products will be available for security attacks practices without restrictions whatsoever. All applications behind CTF365 services will be powered by open source projects.
This is our opinion about Open Source. Our CTF365 platform include open source software developed by hundreds and hundreds of passionate geeks who believe in their ideas and this is awesome. Our team has contributed to such projects too, developing from scratch or sending patches to other great Open Source projects.
One problem that most OS (open source) projects confront with, is their lack of security professionals to better secure the software which lead to a insecure software that can create a domino effect when use at large (see Java).
So we have decided to bring our contribution one step further to the Open Source community by offering our platform for free to those great people in order to make their open source projects more secure. Moreover, our PenTester community will try to find vulnerabilities or flaws and report them. This is a win-win situation for both sides: security professionals and open source projects. Security professionals get train while open source projects get more and more secure.
If you are a project manager for an open source project and want to use our platform, just get in touch with us at support [at] ctf365.com with subject line: Open Source Project. If you know someone who work in a great open source project, tell him/her about us.
At this moment CTF365 it’s in Alpha Stage and we already have 70+ Fortresses (running servers) that can be hacked at will Googu.ctf, Crow.ctf and GoGrandpa.365 included. For example, the Search Engine behind Googu.ctf it’s a YaCy default installation and our security professionals community already send to YaCy Team 5 XSS vulnerabilities making YaCy much safer.
Though we’re still in Alpha the concept proved its design value.
Alpha stage is for web development companies, information security company representatives, computer security faculty, companies that have information security departments that need continuous training, infosec conferences organizers, CERT/CSIRT as well as any organization such OWASP or infosec focused to test and see how CTF365 can help them.
If you are a business owner or representative that think CTF365 can be a good asset to your company and want access to Alpha Stage, just send us an email to support [at] ctf365.com with Subject line: Alpha Access and we’ll grant your access.
CTF365 it’s a five stars security training platform that aim to help Open Source Projects to improve their security while security professionals and students get best training real world experience.
Stay secure while having fun.