CMD + CTRL Application Security Hackathons

A Fun "Find the Vulnerabilities" Game to Understand the Importance of Secure Coding

Test your team's skills in a whole new way as they hack their way through hundreds of vulnerabilities that plague applications today. In this exciting game setting, participants are tasked with tapping into their inner evildoer to learn and apply creative attacks in authentic web and mobile applications including:

  • Shadow Bank – Banking website
  • Gold Standard Bank – Advanced banking website
  • Shred Retail – eCommerce website
  • Account All – HR website
  • InstaFriends – Social media website
  • Runstoppable – Android mobile fitness application

Features and Benefits of Application Security Hackathons

Interactive and Engaging

  • Utilizes proven Capture-the-Flag (CTF) techniques in real-world settings
  • Fully functional applications allow users to exploit features they often build and use, such as adding items to a cart, making a purchase, transferring money, applying for a loan, submitting time sheets, and tracking fitness routines
  • Clever pop-up messages, humorous sounds, and "Easter Eggs" throughout the sites make hacking them even more fun
  • Real-time scoring creates friendly competition and motivation

Largest Repository of Vulnerable Websites

  • Includes 300+ vulnerabilities that cover 20 vulnerability classes including the OWASP Top Ten and CWE Top 25
  • Each challenge has a point value based on complexity, with challenges ranging from common vulnerabilities such as SQL Injection (SQLi) to advanced cryptanalysis and cipher cracking tests
  • Vulnerabilities are represented in a variety of forms just as they appear in commercial applications

Ideal for All Skills

  • Got a question? Experts are readily available
  • Need to overcome difficult challenges? Grab a cheat sheet or buy a hint using your points
  • Want to maximize scoring? Team up for a broad-scale assault
  • Use post-game reports to identify skills gaps

Hackathon Delivery Options

Security Innovation Staffed Event - These events leverage Security Innovation experts to handle setup, guide participants to find vulnerabilities, and provide on-the-spot training. They are offered as 1- or 2-day events and can be customized to include kick-off training, break-out sessions, and a reveal session at the end.

Client Staffed Event - For organizations that want to self-host, we will provide vulnerability tip sheets, attack tables, an administrative guide, and a training session to get your experts prepared for the event. The client handles registrations, setup, deployment, and the event.

Stand-Alone Practice Range - For organizations that have distributed teams or prefer to leverage CMD+CTRL for continued skills development, our SaaS version provides remote access to our Web sites for a specified period of time.