Amit Ashbel joined Checkmarx From Trusteer (acquired by IBM). He has been with the security community for more than a decade where he has taken on multiple tasks and responsibilities over the years, including technical and Senior Product lead positions. We’ve learned from him about Game of Hacks and he promised to challenge us at DefCamp 2015. But before, let’s learn together more about it.
What is your expertise and experience in the cyber security area?
I have been working in the cyber security industry for the past 14 years and have filed multiple technical and business positions including Senior Product management and Product Marketing positions. I have a technical background and a deep understanding of multiple cyber security solutions including Networking, End Point, Fraud prevention and Application Security solutions.
When and how Game of Hacks started?
Game of Hacks started about a year ago as a marketing campaign however quickly became much more than that. Game of Hacks today is one of the most used on-line applications security education tools and more than 100k developers + security professionals worldwide have already taken the challenge.
How much knowledge somebody needs to have in order to play the game?
The game is divided into three levels (beginner, intermediate and expert) You need to have basic coding knowledge. Part of the game’s goal is to educate and raise awareness for professional with minimal security knowledge and good coding skills.
How often do you update the platform? There are new exploits and vulnerabilities released on the market and looks kind of hard to keep it up
The game is designed to accept new code samples from players and we also add content to it on a regular basis.
What is the purpose of the platform?
Education for the market and increasing awareness in the industry for coding best practices.
Any vulnerabilities found on the platform by the existing players?
Definitely, we purposely exposed vulnerabilities within the game as we knew it would attract hackers. Part of the talk shows examples of such attacks
Do you think responsible disclosure should be priority in countries regulation?
I think responsible disclosure is important however there has to be an ability to responsibly expose a vulnerability in case a vendor does not cooperate quickly enough or at all.
Do you have any advises for our participants who want to test the platform beforehand?
Just go to www.gameofhacks.com and play.
Do you really think that a platform can be 100% secured?
No! Security is a cat and mouse game and as long as there is valuable data to take hackers will always find a way around protection. Therefore we believe it is critical to address security in every layer of the organization however starting at the application code level makes a huge difference both in the expenses spent on security plus on the difficulty of infiltrating applications to gain sensitive data.
DefCamp is organized by the Cyber Security Research Center from Romania – CCSIR in partnership with Orange Romania, Bitdefender and Checkmarx, and support of Ixia, Safetech, Beyond Security, Dell SecureWorks, Dell SonicWALL and Cert Sign by UTI.