Build out of compute layer is in progress… Details on BSky.

This is a game. A test of skills and knowledge if you will. Oracle APEX is a very robust platform by default. As with most software, secure or insecure is often in how it is used. Security has a lot with setup normally done by humans. APEX is no different.

Why?

This game is to highlight some common DB mistakes when writing applications with APEX. In a lot of cases, protections and bad practices are implemented knowingly.

The goal is to reinforce the reason why specific protections are in place in APEX and how some features, if misconfigured, can be a real risk to a product security.

APEX-CTF is a game of surgical information gathering. You will follow the journey of a junior developer filling requiremtents and making mistakes. With proper coaching and guidance, the developer improves their skills and expands the applicaiton capabilities.

To Play:

1. Sign up for Scoring. At this time, scoring is authenticated with Google accounts for simplicity.

** Your account is for keeping track of your progress and flag captures. Your email and information will not be shared outside of APEX-CTF. **

2. You will get an link to the current arena on the scoring site as well as a list of current flags. Some flags are specific to your account.

3. When you locate a flag, come back to the scoring site to turn it in and take credit for the find.

The APEX-CTF team understands that inviting people to hack a site is a lot like playing with a bear in the woods. It sounds like fun until it decides to wreck your life. There are a lot of hacking techniques and games for integrated system stressing.

This is not one of those.

This is a lightweight infrastructure that is intending to expose very specific technical flaws.

Not allowed:

• Brute force attacks
• Denial of service (request flodding)
• .. other fancy terms here..

Although valid attacks, none of the flags are behind these types of attacks.

Hints are provided to give clues to as to the locaiton of specific flags.