SecureLink, an information risk advisory firm, in partnership with Security Innovation, an application security company, organised a gamified ethical hacking workshop called CodeBreakers on June 2, 2016 at the SecureLink office, Dubai. The day long CMD+control challenge was attended by 12 participants who tested their hacking skills. The hackathon comprised of a vulnerable website where players could immerse themselves in a “find the vulnerabilities” game and apply hacking techniques in a sand boxed environment, thus earning points for each vulnerability exploited.
Reghu Mohandas, Director – Risk Analytics & Advisory, SecureLink said, “What this workshop offered participants, is the opportunity to actually engage in an attack. Most security professionals only have experience in protecting their assets by implementing technology or conducting compliance related activities. This was a chance to get hands-on experience on hacking into a simulated banking website, learning about vulnerabilities, attack methods and how to conduct an attack. Everyone got a chance to learn something new and the live scoreboard made it even more exciting.”
One of the CodeBreaker participants, Amna Al Harmoodi, Manager – Security Assessment Operations, du said, “The CodeBreakers workshop was a great hands-on training! The instructor conducting the workshop was very good and everyone was given individual attention. The ethical hacking part of the workshop was engaging and gave us a solid understanding of hacking practices along with solutions on how to better secure enterprises.”
Another participant Raheal Akhtar, Solution Architect from Dubai Government said, “The CodeBreakers workshop was very well planned and was one of the best hackathons I have attended in Dubai! There was a lot of security-based content which is crucial at this point in time. I am definitely looking forward to more workshops such as these in the future.”
The CMD+CTRL Hackathon comprises of three vulnerable Web sites (Shred Retail, Shadow Bank, and Account All HR) that included functionalities you would expect to find in e-commerce, banking, and HR websites. With more than 150 vulnerabilities, challenges ranged from common vulnerabilities such as SQL Injection and Cross-Site Scripting to more advanced cryptanalysis and cipher cracking tests. Each challenge had a point value and discovered vulnerabilities which were automatically updated on a live scoreboard. For this event only the shadow bank website was used. The CodeBreakers event also included guidance assets, coding samples and the ability to buy hints, making it ideal for participants of all skill levels.
With the help of a trainer from Security Innovation, participants were able to ask questions about the challenge and also discuss other sophisticated exploits.