<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: SecDim</title>
    <description>The latest articles on DEV Community by SecDim (secdim).</description>
    <link>https://dev.to/secdim</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F12570%2Fdbcbfcbb-fd1b-46a6-99b0-a633ebff77ef.png</url>
      <title>DEV Community: SecDim</title>
      <link>https://dev.to/secdim</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/secdim"/>
    <language>en</language>
    <item>
      <title>OAuth Challenges now Available</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Tue, 07 Jul 2026 04:57:44 +0000</pubDate>
      <link>https://dev.to/secdim/oauth-challenges-now-available-2e2</link>
      <guid>https://dev.to/secdim/oauth-challenges-now-available-2e2</guid>
      <description>&lt;p&gt;OAuth’s core purpose is secure delegation of access, but when apps blindly trust any valid token without verifying it, the trust model breaks down.&lt;/p&gt;

&lt;p&gt;We built challenges that demonstrate how an adversary can use tokens from one service to impersonate users on completely unrelated platforms, effectively bypassing authentication and hijacking accounts.&lt;/p&gt;

&lt;p&gt;The challenges are available in all popular languages:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://play.secdim.com/game/c/challenge/oauthcs" rel="noopener noreferrer"&gt;C# Oauth&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://play.secdim.com/game/java/challenge/oauthjava" rel="noopener noreferrer"&gt;Java Oauth&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://play.secdim.com/game/python/challenge/oauthpy" rel="noopener noreferrer"&gt;Python OAuth&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://play.secdim.com/game/php/challenge/oauthphp" rel="noopener noreferrer"&gt;PHP Oauth&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://play.secdim.com/game/javascript/challenge/oauthjs" rel="noopener noreferrer"&gt;JS Oauth&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://play.secdim.com/game/typescript/challenge/oauthts" rel="noopener noreferrer"&gt;TS OAuth&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Ruby OAuth (Coming soon, check back often!)&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>webdev</category>
      <category>programming</category>
      <category>security</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>Get a Prize for Challenge Submissions</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Thu, 02 Jul 2026 01:34:57 +0000</pubDate>
      <link>https://dev.to/secdim/get-a-prize-for-challenge-submissions-51jc</link>
      <guid>https://dev.to/secdim/get-a-prize-for-challenge-submissions-51jc</guid>
      <description>&lt;p&gt;Less than a Month left until Submissions Close!&lt;/p&gt;

&lt;p&gt;Build a challenge and submit it for the SecDim “Fix the Flag” competition at AppSec Village  @ DEF CON 34&lt;/p&gt;

&lt;p&gt;Winners get Prizes!&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.appsecvillage.com/ctf" rel="noopener noreferrer"&gt;Check it out now&lt;/a&gt;&lt;/p&gt;

</description>
      <category>programming</category>
      <category>security</category>
      <category>learning</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>SecDim Gift Cards are now available!</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Wed, 01 Jul 2026 02:09:24 +0000</pubDate>
      <link>https://dev.to/secdim/secdim-gift-cards-are-now-available-34f7</link>
      <guid>https://dev.to/secdim/secdim-gift-cards-are-now-available-34f7</guid>
      <description>&lt;p&gt;SecDim Gift Cards are now available for Pro subscriptions, so you can help a friend, colleague, student, or teammate level up their security skills with hands-on secure coding training. &lt;/p&gt;

&lt;p&gt;A practical gift for developers who want to write safer code, sharpen their AppSec instincts, or learn secure vibe coding. &lt;/p&gt;

&lt;p&gt;Give someone the &lt;a href="https://secdim.com/pricing/#gift" rel="noopener noreferrer"&gt;Gift of Secure Coding&lt;/a&gt;&lt;/p&gt;

</description>
      <category>programming</category>
      <category>productivity</category>
      <category>security</category>
      <category>software</category>
    </item>
    <item>
      <title>Ditch rigid, one-size-fits-all learning paths. Build your own.</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Thu, 25 Jun 2026 06:02:24 +0000</pubDate>
      <link>https://dev.to/secdim/ditch-rigid-one-size-fits-all-learning-paths-build-your-own-42fi</link>
      <guid>https://dev.to/secdim/ditch-rigid-one-size-fits-all-learning-paths-build-your-own-42fi</guid>
      <description>&lt;p&gt;Traditional security training doesn't work for everyone. You either waste time revisiting concepts you already know, or jump into advanced topics before you're ready.&lt;/p&gt;

&lt;p&gt;The new SecDim MCP changes that. Connect it to your AI assistant to build a secure coding and secure AI learning path tailored to your experience, goals, and available time.&lt;/p&gt;

&lt;p&gt;Connect it to your AI assistant to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Generate personalised learning paths aligned with your engineering goals.&lt;/li&gt;
&lt;li&gt;Discover short courses and hands-on challenges relevant to your technology stack.&lt;/li&gt;
&lt;li&gt;Explore secure coding content directly within your workflow.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Integrations instructions can be found here:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://support.secdim.com/support/integrations/mcp-server" rel="noopener noreferrer"&gt;https://support.secdim.com/support/integrations/mcp-server&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>programming</category>
      <category>productivity</category>
      <category>security</category>
    </item>
    <item>
      <title>FIFA World Cup 2026 Broadcast Hack: API Vulnerability Exposed Live Stream Control</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Tue, 23 Jun 2026 02:40:43 +0000</pubDate>
      <link>https://dev.to/secdim/fifa-world-cup-2026-broadcast-hack-api-vulnerability-exposed-live-stream-control-29o9</link>
      <guid>https://dev.to/secdim/fifa-world-cup-2026-broadcast-hack-api-vulnerability-exposed-live-stream-control-29o9</guid>
      <description>&lt;p&gt;During the FIFA World Cup 2026, a security researcher registered a standard account on FIFA's public player agent portal. &lt;/p&gt;

&lt;p&gt;That registration provided access to internal systems used in the tournament's live broadcast infrastructure, creating a path to hijack the broadcast.&lt;/p&gt;

&lt;p&gt;We created a course to tackle these security problems within tenants.&lt;/p&gt;

&lt;p&gt;Our Tenant Zero course examines the tenant security weaknesses behind this scenario, how they could have been prevented, and includes hands-on labs to reinforce the concepts.&lt;/p&gt;

&lt;p&gt;Try it on SecDim Learn: &lt;a href="https://learn.secdim.com/course/tenant-zero" rel="noopener noreferrer"&gt;https://learn.secdim.com/course/tenant-zero&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>programming</category>
      <category>security</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>Win Prizes at DEF CON 34 | Submit a Challenge Now!</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Thu, 18 Jun 2026 06:38:40 +0000</pubDate>
      <link>https://dev.to/secdim/win-prizes-at-def-con-34-submit-a-challenge-now-3mm4</link>
      <guid>https://dev.to/secdim/win-prizes-at-def-con-34-submit-a-challenge-now-3mm4</guid>
      <description>&lt;p&gt;The Prizes for the SecDim AppSec Village Wargame CtF at DEF CON 34 has been announced!&lt;/p&gt;

&lt;p&gt;Build and submit a challenge and get a chance to Win a ROG Xbox Ally if your challenge submission wins 1st Place!&lt;/p&gt;

&lt;p&gt;Challenge submissions close on 31 July.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://sessionize.com/appsec-village-wargame" rel="noopener noreferrer"&gt;https://sessionize.com/appsec-village-wargame&lt;/a&gt;&lt;/p&gt;

</description>
      <category>programming</category>
      <category>security</category>
      <category>cybersecurity</category>
      <category>showdev</category>
    </item>
    <item>
      <title>New GCP Challenges Released</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Wed, 17 Jun 2026 07:34:47 +0000</pubDate>
      <link>https://dev.to/secdim/new-gcp-challenges-released-58e4</link>
      <guid>https://dev.to/secdim/new-gcp-challenges-released-58e4</guid>
      <description>&lt;p&gt;We’ve expanded our Google Cloud Platform (GCP) challenge catalogue with a new set of hands-on cloud security scenarios covering common services and configurations.&lt;/p&gt;

&lt;p&gt;These challenges focus on security issues and misconfigurations commonly encountered in cloud environments, giving practitioners practical experience identifying and remediating them.&lt;/p&gt;

&lt;p&gt;Try them now on SecDim Play!&lt;/p&gt;

&lt;p&gt;👉 &lt;a href="https://secdim.com/news/new-gcp-security-challenges-19187/" rel="noopener noreferrer"&gt;https://secdim.com/news/new-gcp-security-challenges-19187/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>programming</category>
      <category>security</category>
      <category>cloud</category>
    </item>
    <item>
      <title>NDC Sydney 2026 AI Wargame Winners</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Tue, 16 Jun 2026 02:19:03 +0000</pubDate>
      <link>https://dev.to/secdim/ndc-sydney-2026-ai-wargame-winners-46e1</link>
      <guid>https://dev.to/secdim/ndc-sydney-2026-ai-wargame-winners-46e1</guid>
      <description>&lt;p&gt;We held an AI Wargame at NDC Sydney 2026.&lt;/p&gt;

&lt;p&gt;Congratulations to the Winners: zakazai, Brendon Atkins and wicksipedia&lt;/p&gt;

&lt;p&gt;They finished at the top of the leaderboard after tackling challenges covering exploitation, secure coding, and vulnerability remediation in AI applications.&lt;/p&gt;

&lt;p&gt;Thanks to everyone who participated. We look forward to the next one.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>programming</category>
      <category>security</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>50 days Left! - Submit a challenge for AppSec Village at DEF CON 34.</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Thu, 11 Jun 2026 08:02:17 +0000</pubDate>
      <link>https://dev.to/secdim/50-days-left-submit-a-challenge-for-appsec-village-at-def-con-34-2chm</link>
      <guid>https://dev.to/secdim/50-days-left-submit-a-challenge-for-appsec-village-at-def-con-34-2chm</guid>
      <description>&lt;p&gt;There are 50 days remaining to submit a challenge for the SecDim "Fix the Flag" competition at AppSec Village™, DEF CON 34.&lt;/p&gt;

&lt;p&gt;Build a vulnerable application, define the intended fix, and put defenders to the test.&lt;/p&gt;

&lt;p&gt;If you've ever looked at a security vulnerability and thought "this might be a challenge to patch", now is your chance.&lt;/p&gt;

&lt;p&gt;Submissions will be featured in the Wargame competition, with prizes for the best ones provided by XBOW.&lt;/p&gt;

&lt;p&gt;👉 &lt;a href="https://sessionize.com/appsec-village-wargame" rel="noopener noreferrer"&gt;https://sessionize.com/appsec-village-wargame&lt;/a&gt;&lt;/p&gt;

</description>
      <category>programming</category>
      <category>opensource</category>
      <category>cybersecurity</category>
      <category>security</category>
    </item>
    <item>
      <title>Why you should not use JavaScript sandbox</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Wed, 10 Jun 2026 04:39:39 +0000</pubDate>
      <link>https://dev.to/secdim/why-you-should-not-use-javascript-sandbox-cjh</link>
      <guid>https://dev.to/secdim/why-you-should-not-use-javascript-sandbox-cjh</guid>
      <description>&lt;p&gt;We previously highlighted comments from the vm2 maintainers acknowledging that future sandbox escapes are likely and that vm2 should not be relied upon as a sole security control.&lt;/p&gt;

&lt;p&gt;We promised a write-up. Here it is.&lt;/p&gt;

&lt;p&gt;Using the recent vm2 escape (CVE-2026-22709) as a case study, we ask:&lt;/p&gt;

&lt;p&gt;Can an in-process JavaScript sandbox ever be treated as a security boundary?&lt;/p&gt;

&lt;p&gt;We examine why sandbox escapes continue to occur, the architectural challenges behind them, and why stronger isolation models are often a better investment when executing untrusted code.&lt;/p&gt;

&lt;p&gt;The core flaw is that vm2 attempts to enforce isolation inside the same language runtime, which has no concept of privilege separation.&lt;/p&gt;

&lt;p&gt;The approach taken to patch the vulnerability is to wrap a finite set of intrinsics and methods (e.g. Promise) that could lead to a sandbox escape. This design decision has the same failure mode as a blacklist. We disallow a finite set of items that we know can cause harm. If we miss an item, type, path, or introduce a new object, a sandbox bypass can emerge.&lt;/p&gt;

&lt;p&gt;If application security is implemented merely by chasing exploitable scenarios, it shows a deep insecure design flaw. This approach does not guarantee safety and it remains open for future exploitation.&lt;/p&gt;

&lt;p&gt;Read the entire article here:&lt;/p&gt;

&lt;p&gt;👉 &lt;a href="https://secdim.com/blog/post/why-you-should-not-use-javascript-sandbox-19165/" rel="noopener noreferrer"&gt;https://secdim.com/blog/post/why-you-should-not-use-javascript-sandbox-19165/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>programming</category>
      <category>javascript</category>
      <category>security</category>
    </item>
    <item>
      <title>CtF Submissions for DEF CON 34 are now open.</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Wed, 03 Jun 2026 07:41:07 +0000</pubDate>
      <link>https://dev.to/secdim/ctf-submissions-for-def-con-34-are-now-open-594g</link>
      <guid>https://dev.to/secdim/ctf-submissions-for-def-con-34-are-now-open-594g</guid>
      <description>&lt;p&gt;Challenge submissions for the AppSec Village Wargame Contest at DEF CON 34 are now open.&lt;/p&gt;

&lt;p&gt;Think you have what it takes to make the most interesting AppSec challenge? Now is a good time to get started.&lt;/p&gt;

&lt;p&gt;Build challenges with the Open Source SecDim Play SDK and win prizes at DEF CON 34.&lt;/p&gt;

&lt;p&gt;👉 &lt;a href="https://secdim.com/defcon/" rel="noopener noreferrer"&gt;https://secdim.com/defcon/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>programming</category>
      <category>python</category>
      <category>opensource</category>
    </item>
    <item>
      <title>Coming Soon: vm2 and JS Sandboxes</title>
      <dc:creator>Hamza</dc:creator>
      <pubDate>Tue, 02 Jun 2026 03:31:08 +0000</pubDate>
      <link>https://dev.to/secdim/coming-soon-vm2-and-js-sandboxes-1eob</link>
      <guid>https://dev.to/secdim/coming-soon-vm2-and-js-sandboxes-1eob</guid>
      <description>&lt;p&gt;The maintainers of vm2 have been honest about its limitations.&lt;/p&gt;

&lt;p&gt;They have been explicit that new sandbox bypasses are likely to occur and that vm2 should not be relied on as a sole security control.&lt;/p&gt;

&lt;p&gt;It is a welcome trend to see maintainers openly discuss the limitations and security assumptions of their projects.&lt;/p&gt;

&lt;p&gt;Later this month, we'll be publishing a write-up on vm2 and the security implications of JavaScript sandboxes. Stay tuned.&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>javascript</category>
      <category>programming</category>
      <category>security</category>
    </item>
  </channel>
</rss>
