June 23, 2017 5:28 PM
Palo Alto Networks Information Security Capture the Flag Event 2017
Safety and Security. Two of the most important things that we value in our lives. But what does it mean to be safe and secure? From a developer’s perspective, our priority is completing an application in time for the release, causing us to forget the most essential step of all, ensuring that everything we build is safe and secure. This failure to safeguard the application and assure user privacy has devastating consequences. So have we forgotten about security or is it just not our top priority?
Here is the way I see it. We haven’t forgotten security nor have we taken it off our list of priorities. Instead, the reason tends to lie in our ability to secure our applications. Many people lack the necessary knowledge or expertise to locate the vulnerabilities in their own applications, hindering them from building safe and secure applications. In fact, this was me until I attended Palo Alto Network’s first ever day-long Capture the Flag event on June 22, 2017.
Organized by the company’s Information Security team, the event was primarily focused on identifying various techniques to hack an application and encouraged participants to experience a day in the life of a professional hacker. Employees, interns, and high school students alike split into teams of 6 or 7 and hacked away at a website over a period of 6 hours, exploring SQL injection, Cross-Site Scripting (XSS), Denial of Service (DoS), Malicious File Uploading, etc. My team and I were able to complete 23 challenges out of the 35 challenges, and we received 9th place out of 20 teams. Working with people of all experience levels and ages allowed me to make new connections and learn more about what the future has ahead for me.
The event was a gateway for many young, aspiring computer scientists to experience the hidden world of information security. It was also eyeopening to learn how a hacker thinks so that we can prevent those same attacks on our daily applications. But more questions arise: “How much can we really prevent these attacks? Can we prevent every type of attack?”
When I asked these questions to Palo Alto Networks’ Information Security team, here is how they responded:
Our objective isn’t to prevent every type of attack that a hacker may devise because that would be nearly impossible. Instead, we focus on making the hacker’s life increasingly difficult, discouraging them from attacking our applications. This way, the hacker is forced to weigh the costs vs the benefits, and realize that the time and effort to attack our applications is not worth it.
- Palo Alto Networks Information Security Team
I was surprised to hear their response because it was a unique way of going about the issue. Throughout the event, I had been in the mindset that the only way to defend against hackers was to stop them for good, but the idea of making their life more difficult had not occurred to me. I was told that hackers love loopholes and they will search every corner of an application until they find even the smallest vulnerability. So isn’t the solution simple? Cover every loophole…but let’s be honest, are you really covering every loophole?
As technology grows, new hacking techniques emerge, and with them, the number of hackers begin to grow. Someone is responsible to keep these people from ruining what we have so dearly built. But who is that someone? Believe it or not, it’s YOU! So let’s not forget that every application we build is not complete without security, and until we learn to understand this hidden world of information security, we can never make our applications safe and secure. So make security your top priority before the hackers make your application their top priority!