The yearly iCTF competition of the University of California Santa Barbara (UCSB) counts as one of the toughest in the field of applied IT security. Some even call it an unofficial CTF world championship. The team assembled at HTWG Konstanz finished best among the Universities of Applied Sciences in Baden-Württemberg earlier this month.
Goal of the competition was to analyse up to 42 services for software vulnerabilities within just nine hours, then demonstrate the vulnerabilities and implement countermeasures. Fifteen students of IT security, primarily enrolled in the bachelor programmes of the Computer Science department, and some master students, took part in the competition and worked until two o’clock in the night. I was impressed how focused and brave the group was. We had had just a few lectures and exercises in software security since the beginning of the semester.
We aim to educate good engineers in software security that build secure systems – training people to write exploits is not a priority in my teaching. Given that, the team performed well in terms of keeping services available, and scored less well with respect to demonstrating weaknesses in terms of exploits.
88 academic teams from 23 countries participated this time, and 67 scored more than 0 points. The team from HTWG was among the top 69% of all active teams. Comparing Universities of Applied Sciences in Baden-Württemberg, HTWG Konstanz was best. Of all state universites, teams from universities in Mannheim and Ulm showed a stronger performance.
Participation in the CTF competition was supported as part of the HTWG project „Research-Based Learning“.