7 months ago
🔥 ROUND:03 Mini Project: “Build & Secure a Vulnerable App”
⏳ Duration: 2 Days
🎯 Goal: Teams will build a small web app, intentionally add the kinds of vulnerabilities reported in real bug bounty programs, exploit them, and then fix them.
Required Vulnerabilities
Your app must include at least:
- IDOR (Insecure Direct Object Reference: a record reachable by guessing or changing its id)
- Broken Access Control (beyond IDOR, e.g. an admin-only action with no server-side role check)
- XSS (stored or reflected)
- Insecure File Upload (e.g. no validation of the file name, type or storage location)
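The four required bugs, each shown beside its fix, as an added framework-free Python example (not code from the original brief or any team's project). The users, orders, upload directory and route names are constructed assumptions; the handlers stand in for the view functions a Flask or Django app would have.

```python
"""Tiny framework-free models of the four required bugs, each beside its fix.

All data below is constructed for the example; the paths and names are
assumptions, not part of the project brief.
"""
import html
import posixpath
import secrets

# Constructed sample records (assumed schema).
USERS = {
    1: {"name": "alice", "role": "user"},
    2: {"name": "bob", "role": "user"},
    3: {"name": "root", "role": "admin"},
}
ORDERS = {
    101: {"owner": 1, "item": "laptop"},
    202: {"owner": 2, "item": "phone"},
}
UPLOAD_DIR = "/var/app/uploads"            # assumed storage path
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif"}


class Forbidden(Exception):
    """The fixed handlers raise this where the app would return HTTP 403."""


# --- IDOR: GET /orders/<order_id> -----------------------------------------
def get_order_vulnerable(session_user_id, order_id):
    # Fetches by the client-controlled id alone; any logged-in user can read
    # anyone's order just by changing the number in the URL.
    return ORDERS[order_id]


def get_order_secure(session_user_id, order_id):
    order = ORDERS.get(order_id)
    # Scope the lookup to the caller; treat "missing" and "not yours" the
    # same so the response does not reveal which ids exist.
    if order is None or order["owner"] != session_user_id:
        raise Forbidden("order not accessible")
    return order


# --- Broken access control: POST /admin/users/<target_id>/delete ---------
def delete_user_vulnerable(users, session_user_id, target_id):
    # The admin button is hidden in the UI, but the route itself never checks
    # the caller's role, so a normal user can call it directly.
    users.pop(target_id, None)
    return True


def delete_user_secure(users, session_user_id, target_id):
    # Enforce the role on the server, from the session, on every privileged route.
    if users.get(session_user_id, {}).get("role") != "admin":
        raise Forbidden("admin only")
    users.pop(target_id, None)
    return True


# --- Stored XSS: a saved comment rendered back into the page --------------
def render_comment_vulnerable(comment):
    # Interpolates the raw string into HTML: "<script>" runs for every viewer.
    return f"<li>{comment}</li>"


def render_comment_secure(comment):
    # Escape on output so the browser shows the text instead of parsing it.
    return f"<li>{html.escape(comment, quote=True)}</li>"


# --- Insecure file upload: where does the uploaded file land? -------------
def upload_path_vulnerable(filename):
    # Trusts the client-supplied name: "../../app.py" escapes the upload
    # directory and "shell.php" is stored where the server may execute it.
    return posixpath.join(UPLOAD_DIR, filename)


def upload_path_secure(filename):
    # Keep only the base name, allow-list the extension, and store under a
    # server-generated random name so the client controls nothing on disk.
    base = posixpath.basename(filename.replace("\\", "/"))
    if "." not in base:
        raise ValueError("file has no extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("file type not allowed")
    return posixpath.join(UPLOAD_DIR, f"{secrets.token_hex(8)}.{ext}")
```

The upload fix is only one layer: a real app should also cap the size, check the content (magic bytes) rather than trust the extension, and serve uploads from a path or host where nothing is executed. Likewise the XSS fix escapes at output; a Content-Security-Policy header is the second layer.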
Bonus (optional):
- Weak JWT secret (a guessable HS256 signing key)
- Sensitive data leak (e.g. secrets, tokens or personal data exposed in responses, logs or the repo)
- CSRF
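For the weak JWT secret bonus item, an added Python example (not code from the brief or any team's project) showing why a guessable HS256 key is a full authentication bypass: the attacker brute-forces the secret offline against a token they were legitimately issued, then re-signs their own claims with `role` set to `admin`. HS256 is hand-rolled with the standard library so nothing needs installing; the claims, the weak secret and the wordlist are constructed for the example.

```python
"""Why a guessable HS256 secret is a full authentication bypass.

Hand-rolled HS256 with the standard library only (no PyJWT dependency);
the secrets, claims and wordlist are constructed for the example.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed wordlist standing in for a real one such as rockyou.txt.
WORDLIST = ["password", "123456", "secret", "jwtsecret", "changeme"]


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    """Issue a token the way a minimal app would: header.payload.HMAC-SHA256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify_hs256(token: str, secret: str):
    """Return the claims if the signature checks out, else None."""
    try:
        header, payload, signature = token.split(".")
    except ValueError:
        return None
    # Pin the algorithm server-side; never let the token choose it.
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature)):
        return None
    return json.loads(_b64url_decode(payload))


def crack_secret(token: str, wordlist):
    """Offline attack: any token the app issued to you is a free test oracle."""
    for candidate in wordlist:
        if verify_hs256(token, candidate) is not None:
            return candidate
    return None


def forge_admin_token(token: str, wordlist):
    """Recover the secret, then re-sign the same claims with the role escalated."""
    secret = crack_secret(token, wordlist)
    if secret is None:
        return None
    claims = verify_hs256(token, secret)
    claims["role"] = "admin"
    return sign_hs256(claims, secret)


def generate_strong_secret() -> str:
    """The fix: 256 bits from the OS CSPRNG, loaded from config, never hard-coded."""
    return secrets.token_urlsafe(32)
```

In the report, the "payload used" for this bug is the forged token itself and the "fix" is the strong secret plus rotating the old one, since every token signed with the weak key stays valid until it expires.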
Required Submission
Teams must submit all of the following:
- Vulnerable Version (Before Fix) → the intentionally vulnerable app.
- Secure Version (After Fix) → the patched and secured app.
- Bug Bounty Report (Mandatory) → a professional report with one entry per vulnerability, each including:
  - Bug Title
  - Vulnerability Type (IDOR/XSS/etc.)
  - Severity (e.g. Critical/High/Medium/Low or a CVSS score, with the reasoning behind it)
  - Steps to Reproduce
  - Payloads Used
  - Impact
  - Fix / Mitigation
  - Before/After screenshots
- Hosted Web Link (Mandatory) → deploy your app online using Railway, Render, Vercel, or any other free hosting.
- GitHub Repository (Mandatory) → include all code, documentation, and a README.
- LinkedIn Post (Mandatory) → a short post about your project with screenshots or a demo link.
- Optional: 1-minute demo video showing the exploit → fix workflow.
Tech Allowed
Any stack: Flask, Node.js, PHP, Django, Laravel, MERN, etc.
Choose what can realistically be completed in 2 days.
Learning Outcomes
- Hands-on practice with IDOR and other bug bounty vulnerabilities
- Learn how to exploit and then secure web apps
- Produce a professional bug bounty report
- Gain portfolio-ready content for GitHub, Devpost, and LinkedIn
Pro Tip for Hosting:
- Free options like Railway.app, Render, or Vercel are perfect.
- Make sure your deployed app is fully functional for testers/judges.
- Remember that the vulnerable version is reachable by anyone on the internet, not only the judges: use dummy data only, commit no real credentials or API keys, and keep it on a throwaway account rather than one you use for anything else.
