SecDim AppSec Village Wargame — Call for Challenges

The SecDim AppSec Village Wargame is a hybrid secure coding competition that combines application security engineering, adversarial thinking, and live head-to-head play.

Unlike a traditional CTF where the goal is to exploit a target, this wargame asks players to fix vulnerable software first — preserving intended functionality — and then defend it against other competitors in a live attack-and-defence round. 

All challenges must be built using the SecDim Play SDK.

Challenge Types

Secure Coding

Players receive a deliberately vulnerable application and must identify and correctly patch the flaw. Submissions are automatically tested for both functionality and security. Points are awarded for fixes that pass both test suites.

Attack & Defence

Each player receives a containerized vulnerable application to patch and deploy. Once deployed, players enter a live battle lobby where they attempt to exploit each other's running applications. Capturing a flag from another player's app earns points; a player whose app is exploited is removed from the lobby and must redeploy to rejoin.

How to Submit

Step 1 — Create your repository

Use this GitHub Classroom link to generate a private repository pre-configured with CI tests via GitHub Actions. This is where you'll build your challenge.

Step 2 — Submit your proposal

Fill out the submission form with:

- Your name, email, and GitHub username

- A link to your repository

- A description of your challenge: the vulnerability or technique it covers, the intended difficulty, and what makes it interesting

Step 3 — Build and submit

Develop your challenge directly in the repository — including the vulnerable app, your patch, and all required tests. When ready, open a pull request to trigger the final review.

Step 4 — Review and feedback

The AppSec Village CTF and SecDim team will review your challenge, patch, and tests, and provide feedback directly in the PR. Once approved, you'll receive a confirmation via email and Sessionize.

We look forward to seeing what you build.