SWD Competition

Structure

Throughout the SWD lecture, you will be participating to the SWD Competition, which is a BIBIFI competition centered on web application security and vulnerability discovery and reporting.

The competition is divided into three phases: the build-it, the break-it, and the fix-it phases.

  1. Build-it Phase: During the build-it phase, teams will develop an entire web application following the docs and specs that we provide. Teams get scored based on the specs’ adherence.

  2. Break-it Phase: During the break-it phase, teams will search for vulnerabilities in each other web applications. Teams will create working exploits and write high-quality vulnerability reports. Teams are scored based on the number of confirmed vulnerabilities.

  3. Fix-it Phase: During the fix-it phase, teams will address reports submitted by other teams by patching their code. Scoring is based on the number of fixed vulnerabilities.

Scoring and Awards

The SWD competition will strengthen students’ technical skills in engineering, coding, and testing web applications. In addition, the competition intends to foster a positive, ethical, and responsible culture about vulnerability notifications management. Teams will be rewarded for creating high-quality vulnerability reports and interacting with one another professionally and respectfully when disclosing vulnerabilities.

Accordingly, the SWD competition will seek nominations for teams that distinguished themselves for exceptional behaviors and adherence to the highest standards in the following categories:

  1. Best Vulnerability Report
  2. Best Developer Response
  3. Most Innovative Exploitation
  4. Best Easter Egg
  5. Honorable Mentions