What is SecDim AppSec Wargame?
SecDim Wargame is a fun, engaging and educational attack and defence wargame to gain hands-on skill in a trending application or infrastructure security topic. In a short session, you develop skills in identifying a modern security vulnerability, exploiting its weaknesses, and, more importantly, implementing effective remediation.
What are the formats of SecDim wargame?
- Defence only: You receive a containerized app in a git repository format, and your task is to identify and remedy its security vulnerability within a specified timeframe. Upon code submission, the platform checks for successful patching, awarding a score for successful remediation. In case of issues, the output provides hints to pinpoint the problem…
- Attack and defence: The objective is to safeguard your app while simultaneously attempting to hack other players’ apps. You are provided with a containerized app in a git repository that you need to address its vulnerabilities. After pushing your code, the platform verifies that the app’s functionality remains intact. Your app is then deployed, and gets a unique URL. You can then access the hackers’ lobby page where you can access other players’ apps. The goal is to explore, identify, and exploit vulnerabilities in other apps to extract their secrets/flags. Submitting a flag for a player awards you with a score on the platform.
Why a wargame?
Security games or contests have proven to be an effective approach for mastering a new skill compared to traditional tutorial-based learning. SecDim’s Attack and Defence wargame equips you with everything you need to know about a security vulnerability: finding, hacking, and fixing.
Who is the winner?
There will be a live leaderboard. The player who has accumulated the highest score in the shortest time will be declared the winner. Special mention may also be given to the runner-ups.
Is there any prize?
Yes, there will be uniquely designed participation and winner badges that you can collect and share online. These electronic badges are custom made for the event that can be only collected during this event. There may also be some additional prizes.
Can I form a team?
No, this is a solo competition.
What are the programming languages and frameworks involved?
There may be a mix of languages. We tailor the language and framework to your company’s usual technology stack.
How do I get prepared?
1 week before
- If this is the first time you access the SecDim platform, visit https://play.secdim.com, choose one of the available games, register an account, and complete the Introduction challenge. You may need your company’s unique registration link to get full access.
- If you have previously used SecDim, go to your company’s exclusive game on https://play.secdim.com and redo one of the challenges. Try to clone the challenge locally or use CDE. Ensure that you can run, test, and push code. Finally, visit https://learn.secdim.com and read some of the topics and complete the labs.
24 hours before
- Ensure you can login to your SecDim account and access your private company game.
- Ensure you can run, test and push code using CDE or locally.
- Do not upgrade any tools (something will break and leaves your stressed)
I have an issue, where can I ask?
Go to https://discuss.secdim.com and ask your question in your private discussion board (there is a padlock next to your private discussion board).
Will there be any hints?
Yes, there will be hints with and without penalty that will be shared during the session.
Any pro tips?
It is a lot quicker to do the challenges, if you setup SSH access to git clone the challenges locally. You can find the information about setting up your SSH access, by clicking on the user menu on https://play.secdim.com, selecting Account Settings and SSH Key.
What is the agenda?
- 10 min: briefing, recap and game link is shared
- 45 min: contest starts and underways
- 20 min: contents ends. Debrief and solution walkthrough
Is this a remote or in-person event?
Please check your calendar invite.