MENDIX CAPTURE THE FLAG 2024
OCTOBER 10 & 11
During this Capture The Flag (CTF) hacking event, you will have two days to detect and exploit vulnerabilities in Mendix web applications, collect flags, and score points. This unique opportunity is made possible through the joint efforts of The S-Unit, Mendix, Low-Code Academy, and Kobeon, showcasing their combined expertise in cybersecurity and application development.
The CTF serves as the ultimate challenge to prove yourself and test your hacking and development knowledge and skills using state-of-the-art security technologies. But there is more! The event offers the unique opportunity to meet fellow hackers, developers and Mendix enthusiasts from around the world and to exchange experiences and knowledge. Workshops, hosted by security experts, will provide hands-on experience with the latest technologies and trends, teaching you how to make your Mendix applications more secure and how to avoid common pitfalls. If you hack your way to the top 3, you can claim eternal fame and some amazing prizes!
Join us on October 10-11 in the Mendix Rotterdam office or online, and experience an exciting journey of hacking, learning, and networking.
- More beginner friendly
- Lunch and dinner are now also included on day 1 (and lunch on day 2)
- More time to hack! CTF 24 is two full days
- 00DAYS LEFT


John Sinteur – Security in the Mendix platform

If you are looking to learn, strictly speaking, there is no prior hacking skill requirement. The competition will have multiple challenges, with difficulty levels varying from very beginner to highly advanced. Additionally, there will be introductory workshops for those unfamiliar with security or hacking with tips and tricks to get you started.
However, do keep in mind that hacking is an exercise that is technical in nature, which means that some familiarity and experience with the technical aspects of Mendix/web applications go a long way.
You sign up to the CTF individually at https://p0wnparty.nl/mendix/. When the CTF starts, you will get access to the event app that contains the challenges, scoreboard, and teams. You can create, invite, and join teams in this app.
A team can hold up to 5 people. If you don’t have a team prior to the event don’t worry! You may find other team members at the event itself, or you can talk to other participants and ask questions in the CTF channel on the Mendix Community Slack. Not a member yet? Create an account here: http://bit.ly/mxslack.
There are 150 seats for the in-person part of the event in the Mendix Office in Rotterdam. There is no limit to the number of online attendees.
On October 4th, the Mendix office is open from 2PM until 9PM. There will be drinks and snacks but not dinner. You cannot stay at the office overnight. On October 5th, the office will open from 9AM till 5PM.
On Oct 4th, there will be snacks and drinks in the afternoon. While Mendix does not provide dinner for this event, we recommend any of the restaurants around the Mendix office. You can take your food to the 6th floor cafeteria (enter through the 5th floor), just make sure you clean everything up nicely, like at home 😉
On Oct 5th, there will be snacks and drinks in the morning and afternoon. Lunch will start at 11:30 AM on the 5th floor and can be had in the 6th-floor cafeteria. When you’re done, take your tray down to the 5th floor and clear it away. Do NOT be late, because you will have to queue up with the rest of the Mendix employees. Unless that’s exactly what you want.
The opening and closing ceremonies and workshops will be streamed live on Zoom. The links to the sessions will be shared in the CTF channel on the Mendix Community Slack. Not a member yet? Create an account here: http://bit.ly/mxslack.
Although not strictly necessary, there are a few things that can make participation in the CTF significantly easier:
- Knowledge of JavaScript and the Mendix Client API:
- Access to / experience with a local web proxy, such as Burp Suite or OWASP Zap
For those who are new to hacking, there will be beginner workshops on security and hacking Mendix application during the event. There will also be coaches on site and online who can give tips and hints to teams concerning the challenges. Note that this is still a competition, which means that as the difficulty of the challenges increases, the number of hints and the level of details provided by coaches will decrease significantly.
You can find the full schedule at https://p0wnparty.nl/mendix/.
Yes.