While it's easy to read about web-based vulnerabilities like XSS and SQL injection, it's often difficult to find a hands-on environment to interact with and fully exploit these vulnerabilities. Given the number of security flaws found on the web every day, we've found it very useful to have practical experience with how attackers find and exploit vulnerabilities.

To address this need, we ran a Capture the Flag security challenge earlier this year. We were blown away by the response: people logged in from over 12,000 unique IP addresses, and 250 participants captured the flag.

Next week, we will be hosting our second Capture the Flag contest. Unlike the one we ran in February, which focused on low-level vulnerabilities such as buffer overflows, this CTF will be dedicated to web-based vulnerabilities and exploits. It'll be open to anyone who's interested in trying their hand at exploiting our levels. If you capture the flag, we'll send you a special-edition Stripe CTF t-shirt.

Start: Wednesday, August 22nd, 2012 at 12 noon PDT

End: Wednesday, August 29th, 2012 at 12 noon PDT

We hope that the next week will give you time to begin familiarizing yourself with the world of web security, and maybe find a team to work with. The levels will use a variety of web languages, such as JavaScript, PHP, Python, and Ruby. If you'd like to do some reading in advance, the Open Web Application Security Project and Google Browser Security Handbook are great places to start.

Check back here in a week to Capture the Flag!