Capture The Flag (CTF)
Capture The Flag, abbreviated CTF, is a type of cybersecurity competition in which participants solve security challenges to find hidden strings called flags. Each flag, once submitted, awards points. Challenges span categories such as web exploitation, binary exploitation, reverse engineering, cryptography, and forensics.
Web CTF challenges frequently involve PHP applications with intentional vulnerabilities: type juggling, code injection via eval(), file inclusion via unsanitised input, insecure deserialisation, or logic flaws in authentication. Solving them requires understanding both the PHP language and common attack patterns.
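As an illustration of the type juggling pattern named above, the following added example (not part of the original page) puts a loosely compared token check beside its hardened form. With `==`, the weak check also accepts a different `0e…` digit string and a JSON boolean `true`. The function names, the constant and the request bodies are hypothetical, constructed for this example; it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Constructed sample value, not taken from any real application.
const EXPECTED_TOKEN = '0e123456789012345678901234567890';

// Weak form (hypothetical name): == converts its operands before comparing,
// so a value of another type, or another numeric-looking string, can match.
function weakVerify(mixed $supplied): bool
{
    return $supplied == EXPECTED_TOKEN;
}

// Hardened form (hypothetical name): require a string, then compare byte
// for byte in constant time with hash_equals().
function strictVerify(mixed $supplied): bool
{
    return is_string($supplied) && hash_equals(EXPECTED_TOKEN, $supplied);
}

// Constructed request bodies, decoded the way a JSON API would decode them.
$bodies = [
    'correct token'         => '{"token":"0e123456789012345678901234567890"}',
    'other 0e digit string' => '{"token":"0e987654321098765432109876543210"}',
    'JSON boolean'          => '{"token":true}',
    'unrelated string'      => '{"token":"guess"}',
];

foreach ($bodies as $label => $json) {
    // JSON keeps the sender's type, so 'token' may arrive as a non-string.
    $token = json_decode($json, true, 512, JSON_THROW_ON_ERROR)['token'];
    printf(
        "%-22s weak=%-5s strict=%s\n",
        $label,
        var_export(weakVerify($token), true),
        var_export(strictVerify($token), true)
    );
}
```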
CTFs are used for learning, hiring, and security research. They are a legal and controlled environment for practising offensive techniques that would be illegal on real targets.
See also CTF101 — Web Exploitation.
Related: Security, Penetration Test, Vulnerability, Type Juggling, Eval(), Local File Inclusion, Insecure Deserialization, Code Injection, OWASP