Tumblr HackDay - Final Product
So, the 2015 Tumblr HackDay came to an end, a few of us resisting the urge to sleep throughout the night while most actually crashed right as the sun was rising.
My project, temporarily dubbed Security Training Grounds, is a web application that focuses on teaching Defensive Web Application Security through Offensive Training. Do whaaaat?!
The app, a website nonetheless, is a giant tutorial walkthrough in the style of a Capture the Flag competition. There are two modes of the site, "beginner" and "advanced" (though you can easily use one or the other at any given time).
When using the app, you're presented with a list of categories and their challenges. The categories, at least the ones I wrote challenges for so far, are XSS, CSRF and SQLi.
When using the "beginner" mode, you are given step-by-step instructions for each challenge in the form of a user-friendly (and animated) walkthrough. How many steps / hints you use is entirely up to you, but following them should help take you to the final solution (though the tutorial never actually gives you the exact solution).
When using the "advanced" mode, you're simply presented with the challenge and you take it from there!
Upon completing the challenges, such as making a JavaScript alert dialog appear on the XSS challenges, or selecting the flag column from the flags table in the SQLi challenges, you'll be presented with a unique flag to enter into the app. Doing so will put you up on the leaderboard so you can show off your skills =]
On top of that, completing each challenge will show you various methods to prevent introducing the same vulnerability into your applications. Paired with the slew of written documentation, this should be a very useful project!
Over 7k lines of code, 300 commits, 4 databases and a phantomjs service - this was one beastly HackDay project and I'm shocked I was able to complete it all on time and on my own!
Sadly, I didn't win HackDay. I was aiming for the For the Team category and, personally, I think that they didn't explain the "voting" rules very well since my project was the only project in that category... and it didn't win (the one that did win this category was "a feature for the website," and it was presented before mine so I think judging was skewed due to misinformation). Maybe mine was just that bad? Who knows =P
Regardless, I had a blast writing the thing and we'll actually be using it at Tumblr to teach new (and old) employees secure coding practices - and we'll get to have some fun in the process =]
Tumblr HackDay - Update #3
4:30am and still going strong, though the same can't be said for some of the other engineers.
Some have passed out from excessive alcohol consumption, some have wandered floor-to-floor seeking sleep-deprived shelter and of those who remain awake, only some of us still maintain our sanity.
I'm currently up to 5972 lines of code written and nearly 250 commits. The project's definitely not finished yet, but the final product is within sight!
14.5 hours in and hack day is getting weeeiiiiiirrrddddd.