About the challenges

Find the vulnerabilities – Exploit them – Score points – WIN

Most importantly, learn and improve your skills every step of the way

1 event, 2 exciting challenges

This year’s challenge utilises two intentionally vulnerable banking applications, Shadow Bank and Gold Standard. The challenges comprise real websites with simulated traffic, technologies and vulnerabilities that represent actual application behaviours.

Where else can unmatched realism deliver the immediate satisfaction and long-term memory benefits that “learning by doing” provides to teams that protect your enterprise?

And not to mention it’s fun, so no strong-arming is needed.

Shadow Bank

Difficulty – Beginner to intermediate

Shadow Bank includes intentional vulnerabilities ranging in difficulty – great for novices and experts alike. Vulnerabilities included are cross-site scripting (XSS), password cracking, authorisation bypass, business logic abuse, SQL Injection, and others.

Players are tasked with finding and exploiting these vulnerabilities within Shadow Bank’s functionality, which includes:

  • Creating accounts
  • Transferring funds
  • Buying and selling stocks
  • Viewing past transactions
  • Requesting loans
  • Posting to a forum

Gold Standard advanced banking website

Difficulty – Intermediate to advanced

This advanced banking application includes 54 challenges such as SQL Injection, XSS, authentication/authorization issues, business logic flaws, and more. Many of these vulnerabilities include some form of poorly implemented mitigation, such as blacklisting attack strings and client-side validation, making them harder to exploit than those in Shadow Bank. Players have to be creative and thorough in their testing to bypass the mitigations and successfully exploit the system!

Account-holders can:

  • Transfer money to other accounts
  • Convert money into gold/other metals
  • Read/comment on bank announcements
  • Request a loan

Bank officials (via admin interface) can:

  • Approve loans
  • Approve transactions over $10,000
  • Post new official bank announcements

Interested in becoming a sponsor?