Pwn! Fix! Repeat!

Don't want to learn about web-app security the hard way? Or you want to sharpen those bugslaying skills?

We offer multiple learning exercises in the form of challenges. Each challenge consists of some source code, database backups (if applicable) and a Dockerfile to provide an easy, hassle-free way to run the app. The objective is twofold: on one hand you are expected to find all vulnerabilities in a given app, but you must also submit a patch to fix those in order to succeed.

But beware, this is not as easy as doing rm -rf / on the app's directory! Your patch must not alter the inner working of the application.

TL;DR: If you break it, it doesn't count. ;-)

Sounds interesting to you?

No need to register! Get started right away by having a look at our challenges.

Useful links

All new to this? No worries, here's a couple links to help you get started.