A Comparison of Hosting Techniques for Online Cybersecurity Competitions

Online cybersecurity competitions have gained significant traction in the community for educational and evaluative purposes because they offer dynamic environments for learning intricate technical concepts in an engaging, non-traditional, and interactive manner. While such competitions are increasingly popular and frequently held, organizing them is not straightforward. Developers must design challenges that are both innovative and balanced in difficulty, ensuring an enjoyable learning experience. Concurrently, effective hosting, configuring, and managing the online infrastructure that underpins these games are technical challenges demanding informed decisions. Unfortunately, no comprehensive resource exists to guide organizers in choosing suitable hosting architecture and tools based on their technical proficiency and event scale. This paper contributes to addressing this gap by examining prevalent architectures for hosting Capture The Flag (CTF) competitions and evaluating them using criteria encompassing several factors. These factors include environment setup, deployment, configuration, and updates of vulnerable services, system maintenance, and security mechanisms. Each criterion is qualitatively assessed with an associated numeric score. Finally, the paper puts forward recommendations on architecture and tools based on event size and organizer skills.