- bug bounties, but once a vulnerability has been disclosed, other can't play with it
- capture the flags, but once it's over, most of the time, the challenges aren't available any more (with the notable exception of the fluxfingers ones: kudos!)
- too easy to be interesting for people familiar with web security
This is why, several people of #websec gathered around and took the time to created a new (eponym) wargame. Contributions, feedbacks and unintended solutions are of course more than welcome.
So far, we've got something like 20 bullshit-free challenges, please enjoy!