OWASP BASC 2025

Most security practitioners are aware of the learning and fun that comes from participating in Capture the Flag competitions. Racing against other teams, solving brain-twisting challenges, and seeing new ways to compromise systems teaches and entertains. CTFs are also a great tool to give non-security folks a hands-on understanding of how security vulnerabilities enable criminal activities, reduce user privacy, and degrade system reliability. In this session you will learn to build interesting, educational, and easy to use Capture the Flag events targeted at developers and other technical, non-security users. We will cover specific considerations for each audience you target, how to create engaging (yet solvable) challenges, and how to make the overall experience friction free for the participants. You will also learn tools and techniques to create easily repeatable, consistent events with minimal work. We will cover collaborative development, external system integration techniques, tooling and a fully automated deployment pipeline to make spinning up a new CTF as easy as pushing a button.