Challenges are crafted, based on fantastic bounty write-ups, real-world case studies, and incident news, not based on antique applications or brain-burning CTFs.

Redefine your learning experience through mission-driven approach not through reading thick books just to forget later.

Challenges are aimed for a wider audience - The Web War For pentesters/bounty hunters, Cybersecurity drills for cyber professionals.

Concise write-ups are provided (with local mirrors of real-world news in the past) for every solution for a quick learning experience.

We host challenges based on constraints derived from human weaknesses, technical and business barriers in enforcing security controls that cause a gap to happen.

For this reason, challenges are not the hardest problems. They would wow you and leave you with surprise.

The challenges do not rely on particular operating systems, or programming languages though we keep the current trend in mind.

We try our best to craft challenges in technology neutral ways. We present new technology if such weakness patterns propagate among majority of technologies.

Our challenges are carefully selected and designed with the focus on interesting patterns of insecure design and implementation practices.

Thus, the techniques you learnt can be put into practice after you get back to work. They would remain valid for years.

Extraordinary techniques are regularly shared at conferences, blogs, twitters, ebooks..etc. Yet, we do not have the platform to practise for internalizing those techniques.

Now what you see is the ready-to-practice challenge platform with no time-consuming set-up and coding by yourself.

Web has been everywhere from mobile app, digital signage to iOT. It has been growing and more and more feature-rich than before including recent HTTP2, WebSocket, WebAssembly. In this challenge series, all challenges are based on real-world incidents and researches.

Majority of world most infamous incidents are stemmed from the root cause of insecure designs and failure to foresee the risks. This challenge domain, you will be bombarded with questions on features broken by hackers up to date. This is designed to make you think through secure principles to avoid the weakness.

When it comes to organizations, our security performance is all traced back to organization processes, people, management, leadership as well. Soft skills are vital and built on top of technical skills. Without either one, we cannot save our organisations from holistic point of views.