Shearwater Application Security Hackathon 2018

Application Security Hackathon and Offensive Capture the Flag

1 Day Challenge and Learning Event

An initiative from Shearwater Solutions - Leaders in Application Security and Penetration Testing

Powered by CMD + CTRL Cyber Range from Security Innovation

1 Day - 4 Cities - 100 Players battle it out for the top spot

Open to Individual Players & Teams of up to 4*

Want to get your teams genuinely excited about Web Application Security? Attend this Hackathon and plunge into the dark world of cyber attacks and view applications through the eyes of a rogue adversary.

Locations

▶ Play from Sydney, Melbourne, Canberra, Brisbane or join remotely from anywhere in Australia. 

The event is held at Cliftons Conference Venues

SYDNEY - 60 Margaret St
MELBOURNE - 1/440 Collins St
CANBERRA - 2/10 Moore St  
BRISBANE - 3/288 Edward St 

About the Challenges

The challenges are based on two authentic and intentionally vulnerable applications:

Shred Retail – eCommerce Website

Users can purchase skateboards and supplies, review products, purchase and redeem gift cards, view past orders, and more. 35+ vulnerabilities allow you to buy a negative quantity, place an order with someone else’s credit card, get a great deal on gift cards, trigger denial of service and more. 

Account All – HR Website

This website includes employee, manager and HR admin roles with distinct privileges and functionality such as submitting timesheets, managing direct deposit, viewing paystubs, submitting performance reviews, and editing confidential user information. Users can exploit 40+ vulnerabilities to view their managers' salary, modify another user’s account, set Invalid superannuation contributions and other devious activity.

Guided by cheat sheets and onsite application security specialists, you will become immersed in a “find the vulnerabilities” game where you will quickly learn and apply hacking techniques in a sandbox environment - and all the while, acquire the skills needed to keep data safe.

• Utilizes proven Capture-the-Flag (CTF) techniques in real-world settings

• Fully functional applications allow users to exploit features they often build and use 

• Clever pop-up messages, humorous sounds, and "Easter Eggs" throughout the sites make hacking them even more fun

• Real-time scoring creates friendly competition and motivation

• Include vulnerabilities that cover various vulnerability classes
  
  
• Each challenge has a point value based on complexity, with challenges ranging from common vulnerabilities such as SQL Injection (SQLi) to advanced cryptanalysis and cipher cracking tests
  
  
• Vulnerabilities are represented in a variety of forms just as they appear in commercial applications

Ideal for all skills

• Got a question? Experts are readily available

• Need to overcome difficult challenges? Grab a cheat sheet or buy a hint using your points

• Want to maximize scoring? Team up for a broad scale assault

• Use post-game reports to identify skills gaps 

Prizes

1st Prize: $1000 JB HIFI Gift Card 
2nd Prize: $600 JB HIFI Gift Card
3rd Prize: $400 JB HIFI Gift Card

Please note that prizes are per team and will be divided amongst the team players. 

Morning tea, lunch, and afternoon tea are included for onsite players.

Bonus: We will keep the Hackathon platform open until Sunday 25 November, 5 pm. That’s an additional 7 days of access so you can make the most out of this learning experience and complete the challenges at your own pace.

⌛ Strictly limited places available, book now and secure your spot.

* Please note that each player needs a ticket. Teams can purchase up to 4 tickets depending on the number of players they include.