🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .


OAuth Challenges Release

07/07/2026

OAuth’s core purpose is secure delegation of access, but when apps blindly trust any valid token without verifying it, the trust model breaks down.

We built challenges that demonstrate how an adversary can use tokens from one service to impersonate users on completely unrelated platforms, effectively bypassing authentication and hijacking accounts.

The challenges are available in all popular languages:

Deco line
Deco line

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

Deco line
Deco line

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.

Read more