This topic contains 1 reply, has 2 voices, and was last updated by currywurstkisses 1 month, 1 week ago.
- September 18, 2020 at 11:57 pm #308917
My company is currently trying to recruit a security engineer and we are looking for a tool a bit like [https://canyouhack.us/](https://canyouhack.us/) for interview purpose.
If possible a platform where we can have access to source code (maybe self hosted?) to allow both black box and white box and info about issues inside the website (even though we have some internal knowledge, we are clearly not specialist, knowing what can be found would help us).
Does such a thing exist? Most CTF I find are for learning or training purpose.
- September 18, 2020 at 11:57 pm #308918
It’s been a while since I checked out canyouhack.us so I’m not sure the exact comparison.
I think hackthebox.eu has a lot more options at least it did at one point. Especially for companies looking at recruiting. I’m not sure the details but you can post your own CTF.
Another option is grabbing or building a docker image. I believe OWASP has a lot with common vulnerabilities pre-built. Or you could clone a web app into a docker container and have someone test against that. Which would be more complicated.
Also if you prefer VM use vulnhub.com has VM images that can be setup fairly easily. You’ll just need to find what challenge fits.
- September 18, 2020 at 11:57 pm #308919
See my recent comment here about CTFd. You can host your own CTF no problem.
You must be logged in to reply to this topic.