Gamified learning, such as hackathons, is widely seen as one of the most effective ways to develop new skills.
For any organisation looking to enhance the cyber security capabilities of their software developers, hackathons offer a fun and exciting opportunity for their teams to test out existing knowledge whilst picking up some new skills along the way.
Last month, CyberCX ran its inaugural AppSec hackathon in which 180 participants competed remotely to identify and exploit vulnerabilities in two fintech application challenges:
For competitors with beginner to intermediate experience, this challenge included a range of intentional vulnerabilities of varying difficulty. Vulnerabilities included cross-site scripting (XSS), password cracking, authorisation bypass, business logic abuse, SQL Injection, and others.
For competitors with intermediate to advanced experience, this challenge included 54 exploits such as SQL Injection, XSS, authentication/authorisation issues, business logic flaws, and others. Many of the vulnerabilities included poorly implemented mitigations, such as blacklisting attack strings and client-side validation, which competitors needed to identify and remedy.
The event brought together competitors, including security professionals, developers and students, from across Australia and New Zealand.