Bigger and better than ever: What you missed at the 2019 Shearwater AppSec Hackathon

There’s nothing quite like the thrill of a hackathon for refining or showcasing IT security skills. When you give coders, students and security experts the opportunity to solve real-world problems in a time-bound challenge (with a healthy dose of competitive spirit thrown in), it creates a highly immersive and engaging learning experience. 

Now in its fifth year, the Shearwater Application Security Hackathon has gone from strength to strength, attracting more and more teams as it supports the development of Australia’s cybersecurity industry. 

Quickly becoming one of Australia’s largest AppSec training events, Shearwater’s Hackathon offers a hands-on learning event with unmatched realism to develop essential security skills. The event was promoted by AISA and AusCERT, and sponsored by nib Health Funds and IT distributor Arrow ECS ANZ



1 day, 150+ participants

On Friday 15 November 2019, more than 150 high-calibre developers, cybersecurity experts and students nationally came together to test their skills in a ‘capture the flag’ style security challenge.

The 2019 Shearwater Application Security Hackathon saw teams and individuals competing to complete 55 challenges including:

· SQL injection
· Vertical and horizontal authentication bypass
· Various crypto challenges.

The national event attracted participants from Sydney, Melbourne, Canberra, Brisbane and numerous remote sites across Australia, with representation from top corporates, federal government and leading universities.




The challenge

The Hackathon centred around an intentionally vulnerable social media website, InstaFriends. The challenge involved a real site with simulated traffic, technologies and vulnerabilities that represent actual application behaviours. 

With support and guidance from application security experts, participants were immersed in a search to uncover vulnerabilities. By applying hacking techniques in a sandbox environment, they raced to complete the challenge while building valuable skills needed to keep data safe.


Congratulations to our 2019 winners

Shearwater is pleased to recognise the winners and runners up of the 2019 Hackathon. 

First place – [University of Queensland - Cyber A]

First place – [University of Queensland – Cyber A]

· Thomas Malcolm
· Tim Kallioinen 
· Haoxi Tan
· Ruiqing Li

UQCyberA took out the Shearwater Hackathon Trophy and walked away with $1000 worth of JB HIFI Gift cards for the team.

Second place – The A Team

Second place – The A TeamSecond place – The A Team

· Jason Macri
· Luke Humberdross
· Joshua Lehman

The A Team was awarded $600 worth of JB HIFI Gift cards for the team.  


Third place – Team Woolies

Third place – Team Woolies

· Srinivas Karlhik Putlur
· Sarah Emami
· Jon Clark
· Scott Contini 

Team Woolies was awarded $400 worth of JB HIFI Gift cards for the team. 


Jesse Nguyen

Jesse Nguyen achieved the highest rank of any solo player in the competition and received a $100 JB HIFI Gift Card.  

Shearwater’s ethical hackers provided technical support on the day. They said they were particularly impressed by the skills on display at this year’s hackathon, as well as the number of repeat participants (which reflects Shearwater’s commitment to continuously improving the event experience). 

Importantly, it was encouraging to see participants bringing a deeper level of cybersecurity knowledge to the table this year. Cyber threats are becoming more advanced and complex. And the fact that we’re seeing so many IT security professionals and students who can rise to meet those challenges – as demonstrated by the 2019 Hackathon – is a reassuring thing. 


Join us again in 2020

Shearwater’s AppSec Hackathon is an annual event open to cybersecurity professionals, developers and students. You can participate as an individual or in teams of up to four people. 

We hope to see you at our sixth hackathon in 2020! PRE-REGISTER