Analysis and Exercises for Engaging Beginners in Online CTF Competitions for Security Education


Tanner J. Burns, Samuel C. Rios, Thomas K. Jordan, Qijun Gu, Texas State University; Trevor Underwood, Netspend Corporation


Cybersecurity competitions are getting more attention as a prominent approach of computer security education in the past years. It is vital to look into better ways to engage beginners in the competitions to improve computer security education. This work collected and analyzed the solutions of about 3600 Capture The Flag (CTF) challenges from 160 security competitions in the past three years. This work identified the security issues that are the most concerning to industry and academia and enumerated the security tools and techniques that are used the most by players. Based on the analysis, this work presented a set of computer security exercises as a downloadable tool package for beginners to try out in an introductory computer security course.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {205219,
author = {Tanner J. Burns and Samuel C. Rios and Thomas K. Jordan and Qijun Gu and Trevor Underwood},
title = {Analysis and Exercises for Engaging Beginners in Online {CTF} Competitions for Security Education},
booktitle = {2017 USENIX Workshop on Advances in Security Education (ASE 17)},
year = {2017},
address = {Vancouver, BC},
url = {},
publisher = {USENIX Association},
month = aug,