Attackers and Friends

Learn basic AppSec terminologies and concepts while playing a card game.

  • Each player gets to play CISO.
  • Each CISO gets six cards.
  • CISOs draw cards until they can match pairs of attackers and friends.

Physical cardsPlay online
Tiny Bird CTF

A true beginner-friendly CTF! There are more than 50 challenges, and you can solve all of them from your browser. No tools are required. Plus, it's free!

Go to TinyBirdCTF.com
XSS Train

Want to hone your XSS skills? XSS Train is a series of labs dedicated to cross-site scripting vulnerabilities. Pop those alert boxes and win them all.

Go to xssTrain.com

What is AppSecGames?

AppSecGames brings game-based learning to software security. AppSecGames started with gamification. For example, TinyBirdCTF and XSS-Train are classic Jeopardy-style CTFs where you solve challenges and earn points. However, we soon noticed the lack of 'game-based learning' in the industry and started bringing out beautifully designed games that are "games first."

Why AppSecGames?

AppSecGames stands separate from the industry's 'serious games' like Elevation of Privilege and Cornucopia. Those are games that put "learning first.". By the way, we are not starting a war. Gamification, games-based learning, and serious games are all important in the cybersecurity industry. If you look at the industry today,

  • There are plenty CTFs in the cybersecurity field - say thousands. So, there is no shortage of gamification.
  • There is only a handful of 'serious games' in the IT security field - but hey, at least there is a handful.
  • Unfortunately, the number of 'game-based learning' is much lower than that.

Who is behind AppSecGames?

At this point, AppSecGames is a one-person show. I, Abhi Balakrishnan, design, develop, test, play, and promote the games. Thankfully, my wife and a few other friends offered to be early adopters and gave me constant feedback. Hopefully, I will get more people to play and promote these games in the coming days. Then, if I'm fortunate, I may see more people helping me design, develop, maintain, and invest in these ideas. If that happens, the world will get to see many more of these games - and I wonder how lovely that would be.

What are you trying to achieve?

My mission - have you seen people playing Minecraft and Farmville? They are playing it for fun, but they learn some cool things about farming and mining while they are playing it. How cool would it be if we could do something similar for AppSec and InfoSec? I dream about that day, and who knows - that dream may come true one day.