Highlights from our 2017 Application Security Hackathon
Team “Cyber Security Hub” from Macquarie University takes top spot with Ansarada’s team a close runner-up
After running successful Capture the Flag competitions over the past two years—at AISA National Conference 2015 and AusCERT2016—it was a pleasure to host our third annual challenge in partnership with Security Innovation.
The challenge, one of Security Innovation’s CMD+CTRL Hackathons, has been featured and run at several industry events including DEF CON 25, RSA, ToorCon, OWASP AppSec California, SecureWorld Portland and Connected Security Expo. So it was a great opportunity to bring the competition to Sydney and to make it accessible to participants across Australia.
The Hackathon was based on an intentionally vulnerable banking application, Shadow Bank, which included 48 vulnerabilities spanning several vulnerability classes, including those in the OWASP Top Ten and CWE Top 25. Vulnerabilities ranged from SQL Injection (SQLi) to advanced cryptanalysis and cipher cracking tests. This allowed players of all skill levels to participate, including students, code developers, and seasoned security professionals.
17 teams participated in our 2017 Hackathon
Guided by cheat sheets and by application security and penetration testing experts from Security Innovation and Shearwater Solutions, participants became immersed in a “find the vulnerabilities” game where they learned and applied hacking techniques in a sandbox environment. To make sure the participants got the most out of the event, we included tutorials and workshops covering Cross-Site Scripting, SQL Injection, Parameter Tampering, and Cryptography.