Abstract

Capture The Flag (CTF) simulation can improve players' knowledge of cyber attacks and of how to secure against and mitigate them. This research aims to establish a CTF simulation of injection vulnerabilities based on the STRIDE threat model (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege), and then to build the CTF simulation with the injection scenario based on that threat model. We develop the CTF simulation environment as a web application, using a Flask server on a virtual machine with various injection scenarios. The simulation environment consists of two server applications, namely middleware and backend, with different ports to access the Capture The Flag web application. The simulation of each scenario has been tested and can describe the STRIDE threat model. The results show that our web-based CTF simulation can effectively run the STRIDE injection model.
