Wilmington, MA, Aug. 18, 2018 (GLOBE NEWSWIRE) -- Security Innovation, a pioneer in software security assessment and training, announced that hundreds of DEF CON 26 attendees were able to put their red team skills to the test at its recent CMD+CTRL Contest held over two days in Las Vegas, NV. Participants were challenged to think like attackers to find and exploit vulnerabilities in two intentionally vulnerable web sites – a new and advanced DigiExchange crypto currency site and InstaFriends, a social media site.



As the only authentic application security cyber range, CMD+CTRL consists of purpose-built applications in each available vertical that participants can attack to discover flaws. It provides the type of training needed to overcome the security skills gap that most organizations face.

“Cyber ranges are incredibly effective for many reasons. They are experiential learning tools that encourage people to explore, search for solutions and learn in a way that is exciting while also helping to solidify the concepts they are learning about by seeing them come to life right in front of their eyes,” said Lisa Parcella, Vice President of Product Management & Marketing at Security Innovation. “It is educational to read or watch a video about how an attacker thinks, but it is transformative to become that attacker and use your wits and knowledge to perpetrate an actual attack.”

Over a hundred teams vied to attain the maximum score of 30,160 points while learning first-hand how applications are fundamentally attacked. The top scoring team, Bah Humbug, earned 18,959 points, followed closely by Savage Submarine with 17,365 points, leaving 0xB4D1D3A in third with 13,165 points. DigiExchange was the harder challenge site, where almost all of the vulnerabilities required bypassing some weak form of protection. InstaFriends simulated a social media environment where players gained insight into how hackers would attack a social media web site, for example by editing someone else’s profile, viewing private photos, or becoming group and site administrators.

While the three most commonly found vulnerabilities included SQL Injection on the login fields, gaining unauthorized access to administrative functionality, and bypassing client-side controls, a number of cross-site scripting (XSS) vulnerabilities flew under the radar. An XSS vulnerability allows for many different possible attacks against a victim, such as stealing their session tokens, forcing the user to send attacker-controlled requests to a server, changing the content of a page, or many other malicious activities.

Security Innovation has conducted CMD+CTRL cyber range trainings around the globe for thousands of players at the world’s leading brands and industry conferences including FS-ISAC, OWASP AppSec California, RSA Conference, Hackfest, BSides, and more.

About Security Innovation

Since 2002, organizations have relied on Security Innovation for our unique software security expertise to help secure and protect sensitive data in the most challenging environments - desktops, web applications, mobile devices and in the cloud. A best-in-class security training, assessment and consulting provider, Security Innovation has been named to the Gartner Magic Quadrant for Security Awareness Training for four consecutive years. Security Innovation is privately held and headquartered in Wilmington, MA, USA. For more information, visit www.securityinnovation.com or connect with us on LinkedIn or Twitter.

