Creating Open Source Avatao exercises

Track: Misc
When: Tue PM-1,PM-2
Where: DevSecCon
Organizers Mark Felegyhazi , Gergo Turcsanyi Gergo Turcsanyi , Gabor Pek Gabor Pek
Participants Pedro Laguna Pedro Laguna


The goal of this session is to create hands-on IT security exercises using the open-source Avatao challenge toolbox. These open-source challenges can be built and launched locally by Docker containers and optionally uploaded to the avatao online platform. The goal is to bring hands-on IT security knowledge to anyone interested in this profession. Challenge creation also helps participants to understand given vulnerabilities and security issues at a deeper level.

The suggested outline is the following:

  • Introduce Avatao challenge types (e.g., secure coding, operation, web security)
  • Introduce Avatao challenge toolbox to learn how to build, run and test new challenges
  • Avatao team members guide the sessions, help participants and answer emerging questions


During the working sessions several open-source Avatao challenges will be created by the participants. To achieve this, we highly recommend to join the introductory (i.e., first) session so as to know how to bootstrap.

There are various type of challenge languages (e.g., c, cpp, java, c#, node.js, python) and types (e.g., terminal, web, IDE) supported by Avatao. We suggest to pick a topic that fits the existing build environments as we won’t have time to setup new ones during the working sessions.

Feel free to share your knowledge :)

Register as participant

To register as participant add Creating Open Source Avatao exercises to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all User Sessions