No sleep pays off at #SS17HACK
Thirty-four young people hunkered down in a room at the ITWeb Security Summit 2017 this week for the #SS17HACK, a Geekulcha initiative in association with ITWeb Events and Snode.
The winners, who called themselves team 'Nosleep', built a platform that allows corporates to upload an instance of their computing environment, which hackers can then 'have a go' at penetrating, according to the team's spokesperson Yedidia Muk'mar (21).
The team are all students at the WeThinkCode software training organisation in Johannesburg.
Muk'mar said companies would upload their environments in a Docker container, and if any weaknesses were found, the hacker could recommend a solution to the weakness.
Team Nosleep won R20 000, which will be split among the team members.
"When we arrived, we had no idea what we were going to do, and so we spent some time speaking to the delegates. The problem we identified - the biggest threat in IT security - is a shortage of skills. So that's the problem we're trying to rectify; training individuals to hack better, or secure systems better," said Muk'mar.
Tiyani Nghonyama, COO of skills development at Geekulcha, said the participants had all gained important skills, which had been the main objective.
"It was great, and was the true definition of a hackathon," he said.
Manuel Corregedor, COO at Telspace Systems and one of the judges, said when they had started to examine some of the proposals, they found that some of the ideas weren't feasible.
"So some of them had to start again, from scratch, with their ideas. They had to adapt, but that teaches you a few things about software development; requirements are always changing."
Corregedor said that when he spoke to the participants, they all had great ideas, 'but they hadn't really thought about the security side of things'.
"You start to ask questions, and then they start to change their minds. Creating an awareness around security, and how important it is, and why you should have it as part of your system has really opened their eyes."
"It's not just about functionality or usability, it's also about security. I played the 'what if' game, like 'what if the attacker does this?'"
"You can't just implement stuff. There's certain laws and standards you have to adhere to. If you're going to be processing credit card information, for instance, you need to be PCI (Payment Card Industry) compliant. It's a big thing."