Hi there, For all those application security professionals and enthusiasts out there here is the first challenge to win a free entrance ticket for AppSec EU 2011. *Introduction* As some of you might know, Vicnum is an OWASP project which consists of a flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. The tool could also be used by those setting up 'capture the flag' exercises or by those who just want to have some fun with web assessments. The Vicnum project was developed for educational purposes by Mordecai Kraushar from Ciphertechs. For today, we have prepared a customised version of Vicnum The Game that contains several exercises for your enjoyment. *The Game* The computer will think of a three digit number with unique digits. After you attempt to guess the number, the computer will tell you how many of your digits match and how many are in the right position. Keeping on submitting three digit numbers until you have guessed the computer's number. In order to win an free ticket to AppSec EU 2011 you need to solve the following exercises of Vicnum The Game. - Hack the game: Have a guess count of zero and a guess value > 999 - Hack the database: Find the Vicnum player with the worst possible score (if there is a tie find the older record). Place another record in the database with that player's name concatenated to your name and with a positive score. Once you solve the exercises, please send us an email to ireland@owasp.org with your full name and details on how you accomplished this goal. The first one who solves these exercises gets a free ticket to OWASP AppSec EU 2011! Please visit http://www.appseceu.org/?page_id=175 to find out further details about the challenge. A big THANKS goes to Mordecai for setting up and customizing the challenge. Thank you and best of luck everyone! Fabio Cerullo