I regularly review players’ submissions to see if they have followed best practices to address the vulnerabilities. Often, for easy challenges, hacking/security tests are not strict. This is mainly to encourage more engagement, as players may be very new to AppSec. However, our aim is to help them write a best practice patch as they progress.
We are in the process of building a new edition of challenges that enforce additional checks and guide you in writing a better security patch. The first one is Integer Overflow II. This challenge is similar to the previous integer overflow challenge but with added constraints. Have a look at the video below to learn about some of the pitfalls that were previously used by some players.
Integer Overflow II is available in multiple languages. Give them a try and let us know your thoughts.