FAQ

The mission of CSA is to enhance student learning and professional growth by providing opportunities for students to better prepare themselves academically and professionally. We accomplish this through competitions, learning activities, special guest speakers, student and alumni networking, and providing groups to study for cyber security related certifications.

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Source: Cisco – https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html

Any student of BYU Idaho can join the Cyber Security Association.  This includes on-campus, and online students (including Pathway admitted students).

Alumni can participate as mentors.

“Capture The Flag” (CTF) competitions (in the cyber security sense) are not related to running outdoors or playing first-person shooters. Instead, they consist of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more. When players solve them they get a “flag,” a secret string which can be exchanged for points. The more points a team earns, the higher up it moves in rank.

Advanced CTF: Watch @LiveOverflow’s video on the topic to learn more.

Source: https://buildyourfuture.withgoogle.com/events/ctf/#!?detail-content-tabby_activeEl=rules

——————
Other Explanations:

In computer security Capture the Flag (CTF), “flags” are secrets hidden in purposefully-vulnerable programs or websites. Competitors steal flags either from other competitors (attack/defense-style CTFs) or from the organizers (jeopardy-style challenges). Several variations exist, including hiding flags in hardware devices.

Security CTFs are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world (i.e., bug bounty programs in professional settings). Classic activities include reverse-engineering, network sniffing, protocol analysis, system administration, programming, cryptoanalysis, writing exploits, etc.

In an attack/defense style competition, each team is given a machine (or a small network) to defend — typically on an isolated competition network. Teams are scored on both their success in defending their assigned machine(s) and on their success in attacking the other team’s machines. A variation from classic flag-stealing is to “plant” own flags on opponent’s machines.

Hardware challenges usually involve getting an unknown piece of hardware and having to figure out how to bypass part of the security measures, e.g. using debugging ports or using a Side-channel attack.

Jeopardy-style competitions are closer to programming competitions: teams do not directly attack each other, but rather solve challenges posed by the organizers. Time is generally not be a factor in scoring these competitions, but “first blood” bonus points are often given to the first solver.

In King of the Hill-style challenges, players gain points by relative ranking. Classically, only the top team gains points. When another team bests the current champion (e.g., by gaining access to the shared “target” machine that the champion was defending), they become the new champions and shift to defending their own position against others.

In hacking, a wargame (or war game) is a cyber-security challenge and mind sport in which the competitors must exploit or defend a vulnerability in a system or application, or gain or prevent access to a computer system.

A wargame usually involves a capture the flag logic, based on pentesting, semantic URL attacks, knowledge-based authentication, password cracking, reverse engineering of software (often JavaScript, C and assembly language), code injection, SQL injections, cross-site scripting, exploits, IP address spoofing, forensics, and other hacking techniques

Source: WikiPedia – https://en.wikipedia.org/wiki/Capture_the_flag

Source: WikiPedia – https://en.wikipedia.org/wiki/Wargame_(hacking)

What is Hacking?

Hacking is all about curiosity, exploration, and deeply understanding how something works. Most people who identify as “hackers” are working very hard to protect people and to make technology easier and safer to use. Unfortunately, when most people hear or read about hacking in the news, the story is about people using hacking to do harm, but this couldn’t be further from the truth. Career-wise, people skilled in hacking are highly sought out by companies looking to strengthen their cybersecurity. Computer security experts are in very high demand today, and often are paid six-figure salaries.

Source: https://picoctf.com/students#what-is-hacking

---

A computer hacker is a computer expert who uses their technical knowledge to overcome a problem.   While “hacker” can refer to any skilled computer programmer, the term has become associated in popular culture with a “security hacker“, someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering,challenge, recreation, or to evaluate system weaknesses to assist in formulating defenses against potential hackers. The subculture that has evolved around hackers is often referred to as the “computer underground.

Breaking into systems without permission is unethical and in many cases against the law.

Source: WikiPedia – https://en.wikipedia.org/wiki/Hacker

Source: WikiPedia – https://en.wikipedia.org/wiki/Security_hacker