Imagine a playground where 700 developers join forces to outsmart several security challenges, in a tough race to capture as many flags as possible. That’s what the Mendix Capture The Flag Event is all about. And as proud Mendix Experts, we could not miss this party!
Capture The Flag is a yearly online and offline event where Mendix developers learn to detect and exploit vulnerabilities in Mendix applications. It's all about training developers to spot potential security issues and making sure they can build robust, secure applications.
Over two intense days, participants faced 24 hacking challenges designed to test their knowledge of application security. To elevate our knowledge and awareness of security issues in Mendix apps even more, Rene van Hofwegen, John Sinteur, and Hunter Koppen gave some very insightful workshops.
At 5 men strong, “Team BlueBees” joined the CTF event at the Mendix Rotterdam office for 2 days. Besides that, we had our colleagues Rianne and Niels backing us up online, helping us crack the challenges from a distance.
As Mendix Experts, we’re more used to making than breaking Mendix Apps… So for some of us, this was a whole new experience. But with good teamwork and by asking other participating teams for some clues, we managed to obtain a very honorable 5th place!
Geared up with pentesting and hacking tools such as Burp, we tackled over 24 mind-bending challenges (between the two teams). Our key learning was that it’s concerning how much data you can retrieve from Mendix apps with badly applied security measures.
Of course, Capture the Flag is 2 days of fun and catching up with other Mendixers, but mostly it is a wake-up call. Our awareness of security within Mendix applications has risen significantly, and we’re more than eager to transfer our new knowledge to our colleagues.
This we’ll do by:
You bet we'll be back for CTF 25! We were so hyped about this event that next year we will surely try to get the whole Blue Green Solutions team involved.
And remember, in the world of app development, always being aware of potential threats isn't being paranoid – it's more than essential. Let's keep building, but let's build securely!