Those who know me know that I might play in the occasional CTF competition. It's a good way to improve my skills, keep my mind sharp, and it's just plain fun. From a defensive security perspective, it's quite amazing to see how code that looks perfectly reasonable is, in fact, quite often very broken.  If you've never done a CTF, you should watch @rogueclown's "If You Can Open A Terminal, You Can Capture the Flag."

I do some extra practice between CTFs -- I'm currently working my way through the challenges on, and they've recently added support for scoring via WeChall, a scoring site for a variety of CTF/challenge sites.  In doing those, I've come across some good reading for anyone doing reversing/challenges/CTFs/etc: