SecDim AppSec Village Wargame: Fix the Flag

The SecDim AppSec Village Wargame is a hybrid secure coding competition that blends application security engineering, adversarial thinking, and live head-to-head play. Unlike a traditional CTF, where the goal is usually to exploit a target and capture a flag, this activity asks competitors to first fix vulnerable software correctly, keep intended functionality intact, and then compete in a live attack-and-defence setting. SecDim frames it as an attack-and-defence CTF focused on secure coding challenges inspired by real incidents, where players are expected to remediate vulnerabilities, not just exploit them.

Types of Challenges:

• Secure Coding (Default): Players receive a vulnerable application and must identify and patch the flaw correctly. Submissions are tested for both functionality and security, and points are awarded for fixes that pass.
• Attack & Defence: Each competitor gets a fully containerized vulnerable application that they can patch. After submission, the platform deploys it. Players then enter a live battle lobby where they inspect and attack other competitors’ apps. Successfully exploiting another player’s app to capture a flag earns points. The attacked player is removed from the lobby and must redeploy to rejoin.
• Challenge Creation via SDK: SecDim provides an open Play SDK for building new secure coding challenges. Authors propose a challenge idea, build a deliberately vulnerable app, add usability tests for expected behavior, and define the security condition players must fix. The SDK includes detailed documentation, and there are separate prizes for top challenge contributions.

How to submit:

To get started, follow this link to create a GitHub repo containing your future challenge. Accepting the link will automatically create a private repository for you, pre-configured with CI tests via GitHub Actions.

Then fill out the submission form including the vulnerability or technique at its heart, the intended difficulty, and what makes it stand out.

From there, you'll develop your challenge directly in the repository — including the challenge itself, a patch, and tests that confirm everything works as expected. When you're ready, open a pull request to submit for final review. Our team will go through your challenge, patch, and tests, and communicate any feedback directly through the PR.

Once your proposal is reviewed and approved, you shall receive a notification via email and Sessionize.

We look forward to seeing what you build!