Shearwater Application Security Hackathon 2019

Cliftons Conference Venues, null
Nov 15th 2019
See the website


Application Security Hackathon and Offensive Capture the Flag


1 Day Challenge and Learning Event

An initiative from Shearwater Solutions - Leaders in Application Security and Penetration Testing

Powered by CMD + CTRL Cyber Range from Security Innovation

1 Day - 4 Cities - 100+ Players battle it out for the top spot

Open to Individual Players & Teams of up to 4*

Want to get your team genuinely excited about Web Application Security? Attend this Hackathon and plunge into the dark world of cyber attacks and view applications through the eyes of a rogue adversary.



▶ Play from Sydney, Melbourne, Canberra, Brisbane or join remotely from anywhere in Australia. 


The event is held at Cliftons Conference Venues

SYDNEY - 60 Margaret StMELBOURNE - 1/440 Collins StCANBERRA - 2/10 Moore St  BRISBANE - 3/288 Edward St 


About the Challenge

The challenge is based on an authentic and intentionally vulnerable application:

InstaFriends – Social Media Website

This challenge includes 55 vulnerabilities including SQL Injection, XSS, vertical and horizontal authentication bypass, and various crypto challenges. Players can post to another’s timeline without permission, escalate to admin privileges, and change another user’s privacy settings.

Join, create and post to groups

Friend and message other users

Post and comment on photos

Create and edit a profile

Create user reviews

Leave ratings

Guided by cheat sheets and onsite application security specialists, you will become immersed in a “find the vulnerabilities” game where you will quickly learn and apply hacking techniques in a sandbox environment - and all the while, acquire the skills needed to keep data safe.

Utilizes proven Capture-the-Flag (CTF) techniques in real-world settings

Fully functional application allows users to exploit features they often build and use 

Clever pop-up messages, humorous sounds, and "Easter Eggs" throughout the sites make hacking them even more fun

Real-time scoring creates friendly competition and motivation

Includes vulnerabilities that cover various vulnerability classes

Each challenge has a point value based on complexity, with challenges ranging from common  advanced vulnerabilities

Vulnerabilities are represented in a variety of forms just as they appear in commercial applications

Ideal for all skills

Got a question? Experts are readily available

Need to overcome difficult challenges? Grab a cheat sheet or buy a hint using your points

Want to maximize scoring? Team up for a broad-scale assault

Use post-game reports to identify skills gaps 


1st Prize: $1000 JB HIFI Gift Card 2nd Prize: $600 JB HIFI Gift Card3rd Prize: $400 JB HIFI Gift Card

Please note that prizes are per team and will be divided amongst the team players. 

Morning tea, lunch, and afternoon tea are included for onsite players.

Bonus: We will keep the Hackathon platform open until Friday 22 November, 5 pm. That’s an additional 7 days of access so you can make the most out of this learning experience and complete the challenges at your own pace.



⌛ Strictly limited places available, book now and secure your spot.


* Please note that each player needs a ticket. Teams can purchase up to 4 tickets depending on the number of players they include.

Sign Up
New to
Sign-up to take advantage of all the features
Sign In
Already have an account?
to join or create hackathons
Forgot password
We just sent you a confirmation email.
Validate your email address to finish registration.
The recovery email has been sent
If you don’t receive it, make sure you already have an account.