This article provides a comprehensive guide on how to play a challenge on the platform. We will explain all the different stages and how to successfully complete each one.
Before we dig in, it's important to note that, as you play challenges, some features may not be available depending on the module in which you are playing.
| Module | Hints | Retries | Solutions explanation | Reveal Answer |
|---|---|---|---|---|
| Training | Yes | Yes | Yes | Yes |
| Courses | Configurable | Yes | Yes | No |
| Assessments | No | No | No | No |
| Tournaments | Configurable | Max 3 lives/retries per stage | Yes | No |
Stages
Select the Vulnerability Category
In this stage, you will be provided with several categories with their respective sub-categories to choose from. The code in this challenge relates to one of these categories.
Your goal is to analyze the vulnerable chunks (marked with the caution mark ⚠️) and figure out what vulnerability begins at that point. Once you have looked through the code, select the category that most closely relates to the vulnerability seen in the code.
Note: Code blocks marked with a light bulb (💡) aren't vulnerable but give extra context for the challenge.
You also have the ability to rule out answers that you are confident are incorrect, making it easier for you to keep track of what you have ruled out and what you still need to consider.
Tip: You can undo this action by clicking the same button.
After you select a vulnerability press the “Submit answer” button. You will be notified whether your answer is correct or incorrect.
Locate Vulnerability
In this stage, you will be presented with an app in which some files are marked as vulnerable (⚠️), each of which includes one or more vulnerable code chunks.
Note: Look through all files marked with the caution mark ⚠️ and select the code chunk where the vulnerability is first introduced (this is not necessarily where the most important fix occurs).
There are additional meaningful markings in the challenge screen to help you keep track of your progress; each code block is marked with an icon that indicates its status:
- Unticked checkbox: unselected code block that can be submitted as an answer.
- Ticked checkbox: a code block selected in order to be submitted as an answer.
- Unticked-disabled checkbox: unselected code block that has been ruled out from being a correct answer.
- Cross: a code block that was previously submitted as an answer but is not the correct answer.
- Lightbulb: a code block contributing to the vulnerability.
- Unlocked padlock: a code block that has been eliminated after using a hint.
- Check Mark: a code block that was submitted as an answer and is correct.
Tip: You can use the Quickswitch arrows (⬆️ ⬇️) to jump between all vulnerable files and code blocks, or toggle "Highlighted files only" to show only files marked as vulnerable in the file tree.
You also have the ability to rule out answers that you are confident are incorrect, making it easier for you to keep track of what you have ruled out and what you still need to consider.
Tip: You can undo this action by clicking the same button.
Click “Submit answer” to submit your answer. You will then be informed whether you have passed or failed the stage.
Note: When you retry a challenge, previously submitted incorrect answers will be marked with an X so you don't accidentally submit the same answer twice.
Identify Solution
In this stage, you will be presented with the vulnerable code (on the left) and 4 possible solutions to fix this code (on the right). After analyzing the differences in the solutions, find which one looks to be the most secure.
Click on the numbers (1 to 4) on the right side to see the different solutions.
Note: When you retry a challenge, previously submitted incorrect solutions will be marked with an X so you don't accidentally submit the same solution twice.
After you find the solution you believe is correct, click the "Submit answer" button in the top right to choose that solution. You will then be informed whether your answer was correct or incorrect.
Contributing chunks are marked with a lightbulb. This means the code contributes to the vulnerability but is not where it begins. Contributing chunks are not selectable in the Locate Vulnerability stage.
FAQ:
1. Can a challenge have identical solutions?
No. Check out this article about Identical Solutions, and make sure you look out for changes in other files in this challenge.
2. Why is one of the solution files blank?
There's nothing wrong with the solution. It simply means the solution you're currently viewing recommends deleting the selected file. For more details, please read this article: Why is one of the Solution files blank?