Vulnerability Hunter

You're a security engineer auditing an AI startup's codebase. Find all the security vulnerabilities before time runs out!

How to Play

Click on vulnerable lines of code to identify security flaws
+100 points for each vulnerability found
-25 points for clicking on safe lines
Use hints if you're stuck (costs 50 points)
Find all vulnerabilities before the timer runs out!

Select Difficulty

Beginner

3 vulns - 3 min

Intermediate

5 vulns - 4 min

Expert

7 vulns - 5 min

Level 1: ML API Service

Review this FastAPI-based ML prediction service and find the security vulnerabilities.

Vulnerabilities to find: 0

app.py Click on vulnerable lines

Found Vulnerabilities

Need Help?

Hints cost 50 points but can save time!

OWASP Categories

Look for these common issues:

Hard-coded secrets
Missing authentication
Debug mode enabled
Injection vulnerabilities
Verbose error messages
Missing input validation