Lots of action over the weekend in Vegas! A glimpse into our official Fix the Flag contest at DEF CON’s AppSec Village:
- Unlike a CTF, the objective of the challenges was to fix security vulnerabilities in web apps, APIs, LLM apps, containers, clusters and Web3 contracts.
- There were a couple of Attack and Defence challenges. In these novel challenges, the player needs to secure their own app while attacking other players’ apps. SecDim is a pioneer in building a platform to provide this new type of secure coding challenge. It pushes the boundaries of how users remediate and exploit vulnerabilities.
- This official contest ran for two and a half days.
- We released 29 challenges, including 2 Attack & Defence challenges and community-contributed challenges.
- All the challenges were solved by at least one player.
- We had 131 users register since the game started.
- There were 931 challenge attempts in total, with people patching the Attack & Defence challenges 33 times. This means that 33 times the players got hacked and needed to fix their security patch. This pushes each player to the limits of their secure coding skills to build the best possible security patch.
- We had about 10 young talents from the Social Engineering Community (SEC Youth Challenge) come and learn about the Fix the Flag contest.
- In the heat of the competition, we had 50 concurrent VMs (for Cloud Development Environments) consuming over 100 GB of RAM!
The prizes were awarded in two categories: players who secured the most apps, and the best contributed challenges.
Congratulations to @Szarny for securing the most applications, followed by @pigeondrops as the runner-up.
Congratulations to @becojo for winning the best contributed challenge, followed by @Matt as the runner-up.
Thanks to Veracode for sponsoring the prizes. Thanks to Erez Yalon, Liora R. Herman and volunteers of AppSec Village for their incredible hosting!