rock - Dave's Blog

Stripe is running a web security capture the flag - a series of increasingly difficult web security exploit challenges. I've finished it and had a lot of fun. Working on a web browser I knew the theory of these various web based attacks, but this was my first chance to put theory into practice with:

• No adverse consequences
• Knowledge that there is a fun security exploit to find
• Access to the server side source code

Here's a blog post on the CTF behind the scenes setup which has many impressive features including phantom users that can be XSS/CSRF'ed.

I'll have another post on my difficulties and answers for the CTF levels after the contest is over on Wed, but if you're looking for hints, try out the CTF chatroom or the level specific CTF chatroom.

Sarah and I have been enjoying Glitch for a while now. Reviews are usually positive although occasionally biting (but mostly accurate).

I enjoy Glitch as a game of exploration: exploring the game's lands with hidden and secret rooms, and exploring the games skills and game mechanics. The issue with my enjoyment coming from exploration is that after I've explored all streets and learned all skills I've got nothing left to do. But I've found that even after that I can have fun writing client side JavaScript against Glitch's web APIs making tools (I work on the Glitch Helperator) for use in Glitch. And on a semi-regular basis they add new features reviving my interest in the game itself.

• Jaydiohead - Radiohead & Jay-Z mashup. Listen:
  Jaydiohead - 06 - Dirt Off Your Android by Max Tannone


• Selene - Richard Rich & beats over the Moon soundtrack. Listen:
  Selene - 01 - You Are Here by Max Tannone


• Double Check Your Head - Beastie Boys albums mixed together. Listen:
  Beastie Boys - 02 - Pass The Gratitude by Max Tannone