websec.fr is now live. It's a web-oriented wargame, born from frustration that there are too few interesting web challenges available around, and that they are either:
- bug bounties, but once a vulnerability has been disclosed, other can't play with it
- capture the flags, but once it's over, most of the time, the challenges aren't available any more (with the notable exception of the fluxfingers ones: kudos!)
- too easy to be interesting for people familiar with web security
- with mandatory registration (or mandatory javascript, because who cares about accessibility, right?)
This is why, several people of #websec gathered around and took the time to created a new (eponym) wargame. Contributions, feedbacks and unintended solutions are of course more than welcome.
So far, we've got something like 20 bullshit-free challenges, please enjoy!