Developer security wargame where developers practice real-world security incidents.
Joined October 2014
- Tweets 387
- Following 3
- Followers 282
- Likes 44
240 Photos and videos
50 days remaining to submit a challenge for the SecDim "Fix the Flag" competition at @AppSec_Village , @defcon 34
Submissions will be featured in the Wargame, with prizes for the best ones provided by @Xbow .
👉 sessionize.com/appsec-villag…
#AppSec #SecureCoding #DEFCON34 #ctf
🫵 BUILDERS WE WANT YOU! Submit a level for the @secdim "Fix the Flag" competition at @AppSec_Village at @defcon 34 💀
Build a vulnerable app, define the fix. Top contributors win prizes sponsored by @xbow.
Submit by July 31 💙
sessionize.com/appsec-villag…
#CTF #defcon34
125
vm2 should not be relied upon as a sole security control.
We promised a write-up. Here it is.
Using the recent vm2 escape (CVE-2026-22709) as a case study, we ask:
Can a #JavaScript sandbox ever be treated as a security boundary?
Link below
#appsec #securecoding #security
1
2
145
The Black Hat Asia 2026 AI Wargame ran in April.
Congratulations to funkyq, who placed first in the competition.
Thanks to everyone who took part. We hope you enjoyed the Wargame and learned something along the way.
#appsec #securecoding #blackhat
50
Call for Proposals may be closed, but Challenge Submissions for the AppSec Village CtF are open until 31st July
Submit now and get a chance to win prizes at DEF CON 34
(DEF CON attendance is not mandatory for challenge selection)
👉 sessionize.com/appsec-villag…
#appsec #ctf #defcon
Today's the day. The Call for Proposals for @AppSec_Village at @defcon 34 closes tonight at midnight.
Talks, panels, workshops, Arsenal demos. Blind review. First-timers welcome.
Submit → sessionize.com/appsec-villag…
#callforpapers #cfp #cfs #defcon34 #appsec
123
The maintainers of vm2 have been honest about its limitations.
It is a welcome trend to see maintainers openly discuss the security assumptions of their projects.
Later this month, we'll be publishing a write-up on vm2 and JS sandboxes. Stay tuned.
#appsec #securecoding
56
We released a developer guide covering prompt injection, sensitive information disclosure, and MCP server security risks.
If you build with AI, it's worth understanding how these risks actually happen.
👉 learn.secdim.com/course/stay…
#appsec #securecoding #ai #programming
1/Most developers don't think twice before asking their AI assistant to explain a public codebase.
That's exactly what attackers are counting on.
#aisecurity #aisafety
1
1
1
144
In 2018 British Airways "Magecart" breach exposed credit card details resulting in a £183.39 million GDPR fine.
Our new Frontend Security course covers how to properly secure modern frontends.
👉 Check it out: learn.secdim.com/course/fron…
#appsec #securecoding #webedv #programming
231
CVE-2025-55182 demonstrates, once more, the danger of unsafe deserialization and input validation.
Our comprehensive write-up for the React2Shell vulnerability is here.
👉 Check it out: secdim.com/blog/post/react2s…
#appsec #securecoding #programming
1,304
In the React2Shell exploitation, we can abuse a deserialization vulnerability in React Server Components to smuggle attacker-controlled strings into the internal module loader.
We'll be writing about the lessons learnt from this.
Coming Soon.
#appsec #securecoding #programming
89
I said it was coming. It's here.
Vibe Coding Security is live — why AI produces vulnerable code, how to design securely before prompting, how to review output as an attacker, and how to catch what review misses.
👉 learn.secdim.com/course/vibe…
You vibe code an app. Your app works. Congratulations. So does the vulnerability inside it.
Vibe coding has a systemic security problem and AI can't fix it. Here's why 🧵
1
3
199
DEVWorld is only a few days away!
The wargame contest with a Luxury Weekend stay on the line will be reaching its zenith by Friday.
👉 Check it out now: secdim.com/devworld/
#appsec #securecoding #devworld #programming #cybersecurity
52
Only a week left until DEVWorld 2026
We will be hosting the official developer security contest for DEVWorld 2026.
The Grand Prize for the winning team is a luxurious stay in a 4-star hotel 💎
👉 Check it out: secdim.com/devworld/
#appsec #securecoding #devworld
52
We ran a workshop at NDC Sydney 2026 alongside a live Wargame.
The session included security exercises, analysing application behavior, and exploring exploits.
If you're attending NDC, the Wargame is still available:
👉 secdim.com/ndc
#appsec #securecoding #ndc
1
48
The Black Hat Asia 2026 Wargame.
Work through hands-on security challenges covering vulnerability discovery, exploitation, and analysis.
If you're attending, come say Hi to Harley while you're there 👋
👉 secdim.com/blackhat
#appsec #securecoding #blackhat
141
NDC Sydney 🇦🇺 is only a week away!
We will be hosting a Talk alongside an AI Workshop, Wargame edition.
👉 Check it out: secdim.com/ndc
#appsec #securecoding #ai #ndc
1
126