Challenge: In the past year the OWASP community created an amazing project to teach OWASP TOP 10 vulnerabilities. Can you find it?
Well, let’s dig in!
I learned a lot last year, so this time I started with local stuff. Went to OWASP Maribor and under Projects found SecureBank. After a few detours and some fruitless searches for “flag” and “xmas”, I noticed there was a 1337 branch. Rather than looking at the commits directly, I used GitHub's compare option to see what changed from the master branch. https://github.com/ssrdio/SecureBank/compare/1337 shows a few README.md changes and, going back a few commits, the flag is here.
Flag: xmas{1_hear_those_sleigh_bells_ringing;)}
What did I learn: Always check Git history.
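
The same check can be run locally on a clone. The script below is an added example, not part of the original write-up or of the SecureBank project: it builds a constructed repository in which a side branch adds a placeholder string to README.md and later removes it, then shows that searching the checked-out tree finds nothing while searching the history of all branches finds both commits. The function names, the branch name `side` and the string `flag=CONSTRUCTED_PLACEHOLDER` are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: why a search of the current files can miss text that is
# still recoverable from the history of another branch.

# scan_tip REPO REGEX: search only the files at HEAD (what a plain search sees).
scan_tip() {
    git -C "$1" grep -e "$2" HEAD || true   # git grep exits 1 on "no match"
}

# scan_history REPO REGEX: list every commit, on any branch or tag, whose
# diff adds or removes a line matching REGEX (covers text deleted later).
scan_history() {
    git -C "$1" log --all --format='%h %s' -G "$2"
}

# make_demo_repo DIR: constructed sample repository. The default branch is
# clean; branch "side" adds a placeholder value and then removes it again.
make_demo_repo() {
    local dir=$1
    git init -q "$dir"
    git -C "$dir" config user.email demo@example.invalid
    git -C "$dir" config user.name demo
    echo "# Demo" > "$dir/README.md"
    git -C "$dir" add README.md
    git -C "$dir" commit -q -m "initial readme"
    git -C "$dir" checkout -q -b side
    echo "flag=CONSTRUCTED_PLACEHOLDER" >> "$dir/README.md"
    git -C "$dir" commit -q -am "add note"
    echo "# Demo" > "$dir/README.md"
    git -C "$dir" commit -q -am "remove note"
    git -C "$dir" checkout -q -             # back to the default branch
}

# Stand-alone demonstration on a throwaway directory.
demo=$(mktemp -d)
make_demo_repo "$demo/repo"
echo "matches in checked-out tree:"
scan_tip "$demo/repo" 'flag='
echo "matches in history of all branches:"
scan_history "$demo/repo" 'flag='
rm -rf "$demo"
```

For repository owners the takeaway is the same as the author's: removing a value in a later commit does not remove it from history, so anything sensitive that was ever pushed has to be treated as disclosed.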