Find and Exploit Web Vulnerabilities on a Capture-the-Flag Range
Overview
What this challenge is about.
You receive credentials to the CTF environment, the 8 challenge specifications (each naming a target endpoint and the flag to extract), and the Rails source for the vulnerable app. For each challenge you identify the vulnerability class, write a working proof-of-concept (a curl command or a Burp Suite request), extract the flag, and propose a concrete code-level fix, as a diff against the Rails source where possible. You then compile the findings into a single penetration-test report formatted like a real engagement deliverable: executive summary, methodology, findings table, and a per-finding writeup with reproduction steps that recover the flag, the recommended fix, and references. You deliver the report, the curl/Burp Suite collection of exploits, and a 1-page summary the hiring manager can skim.
The Brief
What you'll do, and what you'll demonstrate.
Identify, exploit, and propose fixes for 8 graded web vulnerabilities on a CTF range that mirrors a real Rails production stack.
Earning criteria — what you'll demonstrate
- Identify and exploit the OWASP Top 10 categories on a realistic codebase
- Document findings in a real pen-test report format
- Propose code-level fixes a developer can implement
- Rate and rank finding severity using CVSS-style scoring
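As an added example (not part of the challenge materials or the range's own code), the following Ruby script, in the language of the target stack, computes the CVSS v3.1 base score from a finding's vector string and orders findings for the report's findings table. It implements the published v3.1 formula, including the one-decimal round-up rule that avoids floating-point artefacts. The titles and vectors in `sample_findings` are constructed for illustration and are not the range's eight challenges; `cvss_base_score`, `severity`, `score_findings` and the metric tables are names chosen here.

```ruby
# CVSS v3.1 base-score calculator (added example; not the range's code).
# Metric weights are the published v3.1 values.
AV  = { "N" => 0.85, "A" => 0.62, "L" => 0.55, "P" => 0.2 }.freeze
AC  = { "L" => 0.77, "H" => 0.44 }.freeze
UI  = { "N" => 0.85, "R" => 0.62 }.freeze
CIA = { "H" => 0.56, "L" => 0.22, "N" => 0.0 }.freeze
# Privileges Required weighs differently when Scope is Changed.
PR_UNCHANGED = { "N" => 0.85, "L" => 0.62, "H" => 0.27 }.freeze
PR_CHANGED   = { "N" => 0.85, "L" => 0.68, "H" => 0.5 }.freeze

# v3.1 Roundup: smallest one-decimal value >= x, computed on integers so
# that e.g. 4.000000000001 does not become 4.1.
def cvss_roundup(x)
  i = (x * 100_000).round
  (i % 10_000).zero? ? i / 100_000.0 : (i / 10_000 + 1) / 10.0
end

# "CVSS:3.1/AV:N/AC:L/..." -> { "AV" => "N", "AC" => "L", ... }
def parse_vector(vector)
  parts = vector.sub(/\ACVSS:3\.[01]\//, "").split("/")
  m = parts.to_h { |p| p.split(":", 2) }
  %w[AV AC PR UI S C I A].each { |k| raise ArgumentError, "missing #{k}" unless m.key?(k) }
  m
end

def cvss_base_score(vector)
  m = parse_vector(vector)
  changed = m["S"] == "C"
  iss = 1 - (1 - CIA.fetch(m["C"])) * (1 - CIA.fetch(m["I"])) * (1 - CIA.fetch(m["A"]))
  impact = changed ? 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02)**15 : 6.42 * iss
  pr = (changed ? PR_CHANGED : PR_UNCHANGED).fetch(m["PR"])
  exploitability = 8.22 * AV.fetch(m["AV"]) * AC.fetch(m["AC"]) * pr * UI.fetch(m["UI"])
  return 0.0 if impact <= 0
  raw = changed ? 1.08 * (impact + exploitability) : impact + exploitability
  cvss_roundup([raw, 10.0].min)
end

# Qualitative rating bands from the v3.1 specification.
def severity(score)
  case score
  when 0.0 then "None"
  when 0.1..3.9 then "Low"
  when 4.0..6.9 then "Medium"
  when 7.0..8.9 then "High"
  else "Critical"
  end
end

# Score each finding and order the findings table by descending score.
def score_findings(findings)
  findings.map { |f| s = cvss_base_score(f[:vector]); f.merge(score: s, severity: severity(s)) }
          .sort_by { |f| -f[:score] }
end

# Constructed sample findings (illustrative, not the range's challenges).
def sample_findings
  [
    { title: "Reflected XSS in search (example)",
      vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" },
    { title: "Unauthenticated SQL injection (example)",
      vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" },
    { title: "IDOR on order records (example)",
      vector: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }
  ]
end

if __FILE__ == $PROGRAM_NAME
  score_findings(sample_findings).each do |f|
    puts format("%-4.1f %-8s %s", f[:score], f[:severity], f[:title])
  end
end
```

Paste a finding's vector into `cvss_base_score` as you write it up; putting the score next to the vector in the findings table lets a reviewer check the rating rather than take it on trust.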
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.