Introduction

Challenges are grouped into different games. For example: Java, Python, JavaScript, GraphQL, Ruby and C# and many more.

You can also find your desired challenge by searching and filtering.

Challenges may or may not include information about the vulnerability(s) of the challenge in their description. Every challenge has information about:

Once you have selected a challenge, you can click on the Play button to get started.

Each time you try a challenge, you have a limited time to pass it. You need to find and fix the security vulnerability in the given app and push your changes as a commit.

Your changes will then be tested and if the vulnerability is patched, you will get the challenge score. If the tests fail and challenge timer has not run out, you can push another commit.

If time runs out, you fail the try and will have to start again by clicking Play.

All challenges in SecDim Play carry points, these points accumulate and add to your total score. You can view your ranking on the leaderboards for each game as well as on the global Hall of Fame. Points are not only a means for ranking, but can also be used to unlock Hints in challenges. If a challenge has hints available, they will show up in the Hints menu which can be accessed by the 'Hints' button below the timer.

When you pass a challenge for the first time, you are given the points assigned to the challenge at that time. While this means using hints reduces your potential winnings, getting some points is always better than getting none! Therefore, while you are encouraged to try the challenges yourself, do not shy away from using hints when in a bind.

As mentioned, you need to push your patch in a commit. Your changes will be tested against our server tests and if they all pass, you pass the challenge and are awarded a score. We will look at this in depth in the next couple of entries.