Play AppSec WarGames
Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.
Snowflake Breach - Secure Coding Challenge Inspired by The Incident
Snowflake experienced a significant data breach facilitated by an infostealer malware. The attacker exploited stolen credentials from a Snowflake employee’s ServiceNow account, bypassing OKTA and generating session tokens to exfiltrate data. This breach impacted potentially 400 companies. The attacker attempted to ransom the data for $20 million.
This secure coding challenge is inspired by a security company discussion with the adversary who is seemingly behind the incident.
We use this challenge as an opportunity to learn a subtle security weakness with JWT that can allow unexpired token!
Please give it a try and let us know your feedback.
If you have not complete any SecDim secure code challenges, to get started first complete Start Here.py.
