Analysis and Evaluation of Capture the Flag Challenges in Secure Mobile Application Development

Stylianos Karagiannis; Emmanouil Magkos; George Chalavazis; Maria Nefeli Nikiforos; Stylianos Karagiannis; Emmanouil Magkos; George Chalavazis; Maria Nefeli Nikiforos

doi:10.5121/ijite.2022.11202

Volume 11, Number 2

Analysis and Evaluation of Capture the Flag Challenges in Secure Mobile Application Development

Authors

Stylianos Karagiannis^{1, 2}, Emmanouil Magkos¹, George Chalavazis¹ and Maria Nefeli Nikiforos¹, ¹Ionian University, Greece, 2PDMFC, Portugal

Introduction

Capture the Flag (CTF) challenges are frequently used as cybersecurity learning environments to engage students in cybersecurity education activities and learning, focusing on technical concepts. CTF challenges cover various learning topics. However, they do not always maintain a clear learning outcome. In this paper, we present a systematic approach to study and evaluate CTF challenges, then apply the evaluation methodology in two CTF challenges that relate to the development of secure mobile applications. For this proof of concept, we used the National Initiative for Cybersecurity Education (NICE) which is a cybersecurity educational framework published by the National Institute of Standards and Technology (NIST). Additional information was used for the evaluation process which included threat, vulnerability, and weakness taxonomies proposed by Open Web Application Security Project® (OWASP) and Mitre Corporation (MITRE). The evaluation methodology could be used to assess and determine the learning outcomes of other existing or upcoming CTF challenges, including though not limited to secure mobile application development.

Keywords

Cybersecurity, Mobile Application Development, Capture the Flag, OWASP, MITRE, NICE Framework.

Archives