Play AppSec WarGames
Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.
Recap - What's New
Here is what we delivered in the last 4 months, our latest features, challenges, improvements, events, workshops and presentations. Enjoy!
New Challenges 
Platform
May
- Add individual user statistics for each company user in the Play company dashboard; challenges assigned, challenges started, average challenge attempts, average engagement, and time spent learning
- Add company user role management; Admin, Manager, and Department Lead
- Admin role has full access to remove company users, assign user departments, and create and remove departments
- Manager role has access to assign user departments, and create and remove departments
- Department Lead role can assign/un-assign users from their department only
- Create company dashboard in ID to manage users and departments
- Add ability to generate invite link to add new users to your company
- Migrate the company user management functionality from Play to this new dashboard in ID
- Update Play to endpoints to be accessible by User API key on top of the currently logged in user
- Improve custom game management endpoints to make it easier to call by API call
- Improve vulnerability search filtering options by API call
- Optimise vulnerability search endpoint performance
June
- Update Play company dashboard
- Update monthly engagment chart to show grade over time
- Improve company dashboard performance by introducing caching and optimising queries
- Add chart for completed challenges per vulnerability
- Apply department filtering for additional charts and cards
- Update ID company dashboard
- Move Department table to separate page
- Fix Stripe subscription check
- Remove abiliity to stop challenge for event mode
- Reduce duplicate API calls to improve performance
- Fix issue when retrieve test status
July
- Refactor test suite
- Update URL routes for ID and Play Company Dashboards
- Fix login error when attempting to login from Play
- Implement API key access for company API endpoints
- Add OpenAPI schema support for selected API endpoints
- Update company dashboard to manage assigned API keys
- Implement NoCDE tag to disable CDE access for specific challenges
- Create modal to submit new challenges
- Hide Hacker Lobby for users who have not logged in
- Fix silent login flow for Learn platform
August
- Implement check to remove player from Hacker Lobby if they push a commit to their app once it has been published
- Revert changes for retrieve public status endpoint that is used in the
make statuscommand
Announcements
- Fix the Flag Challenge Contribution Winner and Featured Game
- SecDim AI Wargame at Black Hat USA 2025
- Seasonal Preview June - July - August
- Free Subscription for the Open Source Community
- SecDim hosts AppSec CTF at FirstCon25 in Denmark
- 30% Off - AI Workshop and WarGame at Code Europe 2025 in Poland
- SecDim hosts AppSec CTF at DEFCON 33
- Fix The Flag contest at AppSec Village DEF CON 33
- Fix the Flag Challenge Contribution Winner and Featured Game
- AppSec Village Fix the Flag Winners
- Featured Challenges: Contributions from AppSec Village Fix the Flag
- Black Hat USA 2025 Winners
Blog
- CVE-2025-29927 - Next.js Vulnerability
- Summary of Hacking LLM Workshop at Code Europe 2025
- 2022 Optus Data Breach Incident
- Progress Telerik UI Unsafe Deserialization
- NIST - Guidelines for API Protection for Cloud-Native Systems
- Http4k XML External Entity Injection (XXE)
- The Capital One Hack
- GitHub Account Takeover
Events
- CodeEurope (Warsaw)
- Tech Camp (Hamburg)
- ADEO DevSummit (Lille)
- BlackHat USA 2025
- Fix the flag @ AppSec Village (DEF CON)
