Identifying vulnerabilities, taking responsibility, creating real security – and learning in a hands-on way: That’s what the Hacker Contest at TU Darmstadt is all about.
27 students, nine teams, one goal: to train in the secure handling of vulnerabilities – from analysis to hacking to responsible disclosure. Once again, the Hacker Contest demonstrated what practical training in IT security can look like – and how young talents can contribute to digital security.
From theory to practice
The proven concept of the Hacker Contest once again relied on a multi-stage teaching format this winter semester. Participants acquired solid knowledge about penetration testing, vulnerability analysis, and responsible disclosure – i.e., the professional handling of discovered security flaws.
In the PentestLab, they were able to directly apply this knowledge and test it in realistic scenarios. Many students praised the hands-on format: trying out different attack techniques, thinking creatively, and navigating complex attack chains – all of this was trained in the PentestLab.
Vulnerabilities with real-world impact
In a practical exercise, students analyzed popular open-source software with the goal of identifying security-relevant vulnerabilities. The results show that the findings went far beyond academic exercises and had real-world relevance.
Tobias Hamann, Managing Security Consultant at usd HeroLab:
“The students showed that they are capable of analyzing complex security issues and identifying vulnerabilities that are highly relevant to companies and development teams. A remarkable contribution to #moresecurity.”
Responsible Disclosure: Security is more than just hacking
In the practical task, students not only trained their technical security analysis skills but also practiced responsible security communication.
Tim Wörner, Managing Security Consultant at usd HeroLab:
“Responsible security research doesn’t just mean finding vulnerabilities – it means documenting them clearly, communicating them effectively, and considering all stakeholders involved. The participants demonstrated this impressively.”
The students reported their findings directly to the respective developers. Some security issues have already been resolved quickly, while responses to others are still pending or in progress. Several participants received positive feedback – a strong signal from the field.
All reports followed the usd Responsible Disclosure Policy. The goal: to handle vulnerabilities responsibly and give development teams the opportunity to fix them before any details are made public.
Matthias Göhring, Head of usd HeroLab:
“We encouraged students to publish their responsible disclosure findings independently. We’re excited to see the results.”
One student has already published their vulnerabilities: Finding Security Vulnerabilities in Open-Source Repos. Such publications make an important contribution: they inform users about necessary updates, raise awareness for security risks, and promote knowledge exchange within the security community.
Hacker Contest: More than just a competition
The Hacker Contest at TU Darmstadt shows: IT security requires both technical expertise and responsibility.
We thank all participants for their commitment and their contribution to #moresecurity. We look forward to seeing how their findings continue to develop.
