Frequently Asked Questions (FAQ's)

Frequently Asked Questions (FAQ's)

Labs

Is the Hack phase mandatory?
No, the Hack phase is optional. You can choose to skip it and continue with the rest of the exercise.

Does my solution need to match the expected one exactly?
No, your solution does not need to be identical to the expected one. Alternative approaches are fine, as long as they effectively address the security issue and do not interfere with the intended functionality, they will be considered valid.

Why did my lab time out, and how can I extend the timer?
Our labs are designed with a set time limit to ensure consistent training conditions. When the timer runs out, the lab session automatically ends. You can view the remaining time in the bottom-left corner of the screen during your lab session. 

Yes, lab sessions can be extended if needed. For detailed instructions, please visit our help page: https://helpcenter.secureflag.com/portal/en/kb/articles/labs#How_to_Extend_the_Duration_of_a_Lab
How do I open the browser or other programs in the lab environment?
The lab simulates a real desktop environment. You can open the browser or other applications by simply clicking their icons on the desktop, just as you would on a regular computer, or by clicking the blue icon in the top-right corner of the window.

Can I switch between or rearrange windows?
Yes! You can rearrange windows, switch between open applications, and manage your workspace freely within the lab environment.

Why is clipboard access needed in the lab environment?
The clipboard allows you to copy and paste text and code between your local workstation and the lab environment. This makes working within the lab much more efficient, especially for tasks involving commands, scripts, or troubleshooting steps.

Can I control clipboard access?
Yes, clipboard access can be enabled or disabled directly in your browser settings. If you'd like more information on how to manage this feature, please visit our help page: https://helpcenter.secureflag.com/portal/en/kb/articles/labs#Browser_Compatibility_for_Lab_Clipboards
Can I debug the application during the lab?
Yes, the application can be debugged just like in a real-life development environment. You have the flexibility to:
  1. Verify that the functionality works as expected.
  2. Inspect log files for any errors or issues.
  3. Use a debugger (if available) to identify and fix problems within the application.
Why doesn't copy/paste work in my browser?
Some browsers, such as Firefox, do not support native clipboard access in virtual environments. If you're unable to use copy/paste, we recommend switching to a supported browser such as: Google Chrome, Opera, Microsoft Edge

These browsers provide full clipboard support for a smoother lab experience.
How can I review my submitted solution and see what I changed?
You can easily view and compare your solution with the original by following these steps:
  1. Navigate to your dashboard.
  2. Click on "Run Labs" to access your completed labs.
  3. Select the relevant lab and click "Source Code Diff".
  4. This view will show a side-by-side comparison of your code and the original, highlighting the changes you made.
How can I view the expected solution for a completed lab?
To view the solution for a lab you've completed:
  1. Navigate to the Achievements page: Go to the "Achievements" page on your dashboard.
  2. Locate your completed labs: Under the "Latest Completed Labs" section, click "See All Completed Labs".
  3. View results: Find the lab for which you want to see the solution, then click "View Results".
  4. View solution: Finally, click "View Solution" to access the expected solution.
What happens if I view the solution to an unsolved lab?
Please note that if you reveal the solution for an unsolved lab, you will lose the ability to earn points for that lab for 365 days.
How can I change the keyboard layout in the lab environment? The keyboard not responding as expected
If you notice mismatched input, double-check that your keyboard layout setting matches your physical keyboard. Updating it in your SecureFlag settings usually resolves the issue. To customize your keyboard layout, follow these steps:
  1. Go to the "Settings" page on the SecureFlag platform.
  2. Navigate to the "Keyboard Layout" section.
  3. Select your preferred keyboard layout from the dropdown menu.
  4. Changes will apply to all labs.

For detailed instructions, please visit our help page: https://helpcenter.secureflag.com/portal/en/kb/articles/settings#Information
How can I change the language of the instructions in the lab?
If you want to change the language of the instructions, you can choose your preferred language from the "Translation Language" dropdown menu in the Information tab in the settings. Then, click "Save" to save it.

For detailed instructions, please visit our help page: https://helpcenter.secureflag.com/portal/en/kb/articles/settings#Information
How can I change my nickname?
If you want to change your nickname, click the refresh icon next to the nickname in the "Information" tab in "Settings" to generate a new nickname and click "Save".

For detailed instructions, please visit our help page: https://helpcenter.secureflag.com/portal/en/kb/articles/settings#Information
How can I change my job type and core technology?
If you want to change your job type and core technology, select it from the list in the "Preferences" tab under "Settings" and click "Save".

For detailed instructions, please visit our help page: https://helpcenter.secureflag.com/portal/en/kb/articles/settings#Preferences

Tournaments

What are SecureFlag Tournaments?
SecureFlag Tournaments are competitive events designed to test and enhance your security skills. Participants engage in real-world scenarios, solving challenges to earn points and climb the leaderboard.
Can I try a lab exercise multiple times in a tournament?
Yes. If you don't succeed on your first attempt, you can retry the lab as long as the tournament is active.

To do this: After failing a lab, click the "Try Again?" button to restart the lab.

Notes
Note: Each subsequent attempt will incur a 10% penalty as mentioned in the tournament rules.
How can I participate in a tournament?
To participate in a tournament and begin working on lab exercises, follow these steps:
  1. Navigate to the Tournaments page: Click on the "Tournaments" button in the left navigation bar of the platform.
  2. Find the tournament: Select the "Active Tournaments" tab to locate the tournament (e.g., <Tournament name>) you want to join.
  3. Start a lab exercise: Once the "Tournament Labs" section becomes active, you will see a list of available lab exercises. Click the "Start" button below the lab exercise you wish to begin.
Are tournaments time-bound?
Yes, tournaments are time-bound, meaning they have both a start and end date/time. Be sure to check the tournament details for these timeframes.
How does the lab timer work, and how long do I have to complete a lab?
Each lab has a set time limit, which begins as soon as you click the "Run Lab" button. Once the lab starts:
  1. A countdown timer will appear in the bottom-left corner of your screen.
  2. This timer shows exactly how much time you have remaining to complete the activity.
  3. It's important to manage your time accordingly, as the lab will automatically end when the timer reaches zero.

Can I extend the lab timer during a tournament?
No, during a tournament, the lab timer cannot be extended while the lab is in progress. Be sure to plan your attempts carefully within the given time window.
How can I view the results or leaderboard of a finished tournament?
To check the results or leaderboard of a completed tournament, follow these steps:
  1. Navigate to the Tournaments page: Click the "Tournaments" button in the left navigation bar.
  2. Access finished tournaments: Click the "Finished Tournaments" tab to view tournaments that have already ended.
  3. View results: Once you find the tournament you're interested in, click the "View Results" button to see the leaderboard and detailed results.
 

Assignments

What are the available assignment strategies in SecureFlag?
There are four assignment strategies:
  1. None: No activities are automatically assigned. Ideal for manual, ad-hoc assignments.
  2. Initial Plan: Assigns a comprehensive training plan based on your organization's predefined structure.
  3. Initial Path: Assigns a learning path tailored to the user's core technology, based on their onboarding questionnaire.
  4. Initial Labs: Assigns two initial labs based on the user's selected technology during onboarding.
How do I set up an Initial Plan for my organization?
To set up an Initial Plan:
  1. Navigate to the "Orgs" tab.
  2. Click "Details" to view your organization's details.
  3. Under the "Training Activities" section, select "Assign Activities" and choose the "Training Plan" tab.
  4. Click "Add Iteration" to define training iterations.
  5. You can create iterations based on specific dates or durations. For detailed steps, refer to the "Setting Assignment Strategy" guide here. 
What are the suggested training plan formats?
SecureFlag recommends three training plan formats:
  1. Lightweight Plan (10–16 hours): Suitable for organizations introducing secure coding programs.
  2. Standard Plan (18–26 hours): A balanced approach for most organizations.
  3. Intensive Plan (26–40 hours): Comprehensive coverage, ideal for security champions. Each plan can be configured using training iterations to align with your organization's goals and developer availability.
How are training iterations assigned to new users?
Training iterations are assigned every eight hours and automatically applied to newly onboarded users if the "Initial Plan" strategy is selected.
Can I manually assign activities to users?
Yes, if you select the "None" strategy, you can manually assign activities to specific teams or individual users as needed. For step-by-step instructions on manual assignments, refer to the "Simple Assignments" guide here.
What is the Initial Path strategy?
The "Initial Path" strategy is a curated set of hands-on exercises designed to establish baseline secure coding skills. It is automatically tailored to each user's selected technology (e.g., Java, .NET, Python) during onboarding.
How is the Initial Path assigned?
Users select their core technology in the onboarding questionnaire. Based on that selection, SecureFlag assigns a path that aligns with common vulnerabilities and best practices for that specific tech stack.
Can users access other content while on the Initial Path?
Yes. Users can still browse and complete other available challenges or training content, depending on organizational permissions. However, completing the Initial Path is often prioritized as a key onboarding milestone.
 

 



    • Related Articles

    • Teams

      There’s no “I” in “team”, especially when the team is competing for secure coding glory! To view your team’s details, click on the Team button on the left navigation bar. The Team section of our platform helps you keep track of your team's progress ...
    • Support

      If you're struggling with a Lab and have been unable to find a solution after multiple attempts, we are here to help. You can get in touch with the Support team for assistance by using our feedback forms. Below are a few ways to get in touch with ...
    • Settings

      Under the Settings section of the platform, you will be able to find your profile Information, Preferences, and Security settings. To access settings, click on the Settings button located in the bottom left corner of the navigation bar. Information ...
    • Labs

      The SecureFlag Catalog has a range of Labs across different technologies, enabling participants to identify challenges and explore the vulnerability types in technologies and programming languages that best suit their needs. Each Lab consists of ...