

Holiday 7x7 Wargame - OAuth.py

24/12/2025

OAuth vulnerabilities aren’t always obvious. Sometimes they hide in code that appears to work. In our Holiday 7×7 Wargame, we’ve crafted OAUTH.py, a challenge that does just that. It looks like a normal OAuth callback, but a subtle flaw allows clever players to bypass trust boundaries and gain unintended access.

Think you can fix it? Try it now, dive into the flow, and see if you can patch the vulnerability before moving on to the next challenge.

👉 Start OAUTH.py now: https://play.secdim.com/game/holiday-2025/challenge/oauthpy

Happy patching, and don’t forget that each challenge is part of the Holiday 7×7 Wargame, designed to sharpen your skills over the break.


Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.


Got a comment?

Join our secure coding and AppSec community: a discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec, code review, and more.
