Highlights from our 2017 Application Security Hackathon

Team “Cyber Security Hub ” from Macquarie University takes top spot with Ansarada’s team a close runner-up

After running successful Capture the Flag competitions over the past two years—at AISA National Conference 2015 and AusCERT2016—it was a pleasure to host our third annual challenge in partnership with Security Innovation.

The challenge, one of Security Innovation’s CMD+CTRL Hackathons, has been featured and run at several industry events including DEF CON 25, RSA, ToorCon, OWASP AppSec California, SecureWorld Portland and Connected Security Expo. So it was a great opportunity to bring the competition to Sydney and to make it accessible to participants across Australia.

shadowbank Hackathon

The Hackathon was based on an intentionally vulnerable banking application – Shadow Bank 

The Hackathon was based on an intentionally vulnerable banking application, Shadow Bank, which included 48 vulnerabilities covering several vulnerability classes including the OWASP Top Ten and CWE Top 25. Vulnerabilities ranged from SQL Injection (SQLi) to advanced cryptanalysis and cipher cracking tests. This allowed players of all skill levels to participate including students, code developers, and seasoned security professionals.

Application Security Hackathon

17 teams participated in our 2017 Hackathon

Guided by cheat sheets, and application security and penetration testing experts from Security Innovation and Shearwater Solutions, participants became immersed in a “find the vulnerabilities” game where they learned and applied hacking techniques in a sandbox environment. And to make sure the participants got the most out of the event, we included tutorials and workshops covering Cross-Site Scripting, SQL Injection, Parameter Tampering, and Cryptography.

Hackathon-Winners

The winning team (Macquarie University) and runner-ups (Ansarada) with Shearwater Solutions and Security Innovation staff

All participants deserve acknowledgment, especially those who played solo for the duration of the competition. The top 3 teams at the competition were:

1 – Cyber Security Hub – Macquarie University
2 – adarasna – Ansarada
3 – Allianz E Hackers – Allianz

This Hackathon was a great opportunity for participants to test their security skills, identify knowledge gaps, and get additional tips and tricks needed to keep data safe. Congratulations to the winners and we look forward to seeing you again in 2018!