Gameplay and Delivery
- Users log into the platform to get access to the vulnerable sites, cheat sheets, hints store, scoreboard and their personal progress page.
- Each player has their own instance of each site so their play does not affect others.
- Players can reset the database or do a full system restore on their own.
- Each challenge/vulnerability has a name, type and point value (10 to 2500).
- Points are scored upon successful exploitation of vulnerabilities, and the scoreboard is updated automatically.
- Other than built-in browser tools, players don’t need additional tooling. Password-crackers, proxies, and other utilities can be useful with a skilled operator but aren’t required. Scanners can be used, but most vulnerabilities will elude them.
- Web site challenges are language- and framework-agnostic, designed to teach security concepts like input validation and strong access controls. The one exception is Runstoppable, which primarily covers Android-specific mobile application vulnerabilities.
Security Innovation-Staffed Hackerthon
These events are a combination of on-site instructor-led training and a real-time capture the flag (CTF) contest. Our experts handle setup and provide continuous on-the-spot guidance throughout.
- Offered as 1- or 2-day events at a location of your choice
- Kickoff session provides an overview of the game, how to think like an attacker, and getting-started tips
- Customizable learning labs throughout arm players with specialized skills
- Gameplay allows newly acquired knowledge to be tested and skills practiced
- Reveal session summarizes the attacks, vulnerabilities, and mitigation tactics
- Coverage reports for each player: by defect category, difficulty, etc.
- Company branding on all digital and printable assets
Can be run online and/or at a specific geographic location. We help with registration and setup; you manage users and gameplay during the event.
Security Innovation will provide:
- Player documentation including FAQs and cheat sheets.
- Answer keys, operational guide and training for administrator(s)
- Administrator panel for user data, event/player management, bonus points administration and event dashboard.
- Remote support
- Reveal guide includes walkthroughs for all of the vulnerabilities so that participants can learn more about vulnerabilities they missed
Stand-Alone Practice Range
For organizations that need a safe sandbox to regularly practice new skills and techniques, our SaaS version is ideal.
- Individual or competitive gameplay mode
- Administrator panel for user data, system documentation, troubleshooting, and tips on managing events and users
- Dashboard and reporting to measure progress over time