Cracking the code at Mendix Capture The Flag 2024

Nina Morsa | October 21, 2024

Imagine a playground where 700 developers join forces to outsmart several security challenges, in a tough race to capture as many flags as possible. That’s what the Mendix Capture The Flag Event is all about. And as proud Mendix Experts, we could not miss this party!

Go break it!

Capture The Flag is a yearly online and offline event where Mendix developers learn to detect and exploit vulnerabilities in Mendix applications. It's all about training developers to spot potential security issues and making sure they can build robust, secure applications. 

Over two intense days, participants faced 24 hacking challenges designed to test their knowledge of application security. To elevate our knowledge and awareness of security issues in Mendix apps even more, Rene van Hofwegen, John Sinteur, and Hunter Koppen gave some very insightful workshops.

Learning to think like a hacker 

Five strong, “Team BlueBees” joined the CTF event at the Mendix Rotterdam office for two days. Besides that, we had our colleagues Rianne and Niels backing us up online, helping us crack the challenges from a distance.

As Mendix Experts, we’re more used to making than breaking Mendix apps… So for some of us, this was a whole new experience. But with good teamwork, and by picking up some hints from other participating teams, we managed to obtain a very honorable 5th place!

Geared up with pentesting and hacking tools such as Burp, we tackled over 24 mind-bending challenges (between the two teams). Our key learning was that it’s concerning how much data you can retrieve from Mendix apps with badly applied security measures.

Bringing the hack back home

Of course, Capture the Flag is 2 days of fun and catching up with other Mendixers, but it mostly is a wake-up call. Our awareness of security within Mendix applications has risen significantly, and we’re more than eager to transfer our new knowledge to our colleagues.

We’ll do this by:

  • Hosting an internal Mendix Mingle with our key learnings from CTF and a demo of how to pentest your Mendix app with a tool such as Burp
  • Adding a renewed security chapter to our already existing Dev Guidelines
  • Writing a Mendix Ignite Newsletter (published by our Product MVP Mitchel Mol) with his key insights and learnings from CTF 2024

The future is more and more secure

You bet we'll be back for CTF 25! We were so hyped about this event that next year we will surely try to get the whole Blue Green Solutions team involved.

And remember, in the world of app development, always being aware of potential threats isn't paranoia – it's essential. Let's keep building, but let's build securely!
