ZetaHacks 1.0 – All You Need To Know


ZetaHacks 1.0 (Workflow)


Prerequisites

Team: 4 members or less, you can go solo too 🙂

Scope: Implement any Zeta product-specific workflow

Duration: 1 day

Submissions: Create a Zeta Bitbucket repo named ztc4hackathon_{{team_name}}

It should be a working PoC with clearly written steps on how to operate the workflow


Scoring Mechanism

  • Operability
  • Should be in a production-delivery state
  • The bigger the problem statement, the better the score. Of course, it should be a practical problem statement that Zeta might want to solve
  • Detailed documentation explaining each and every step, and how it needs to be operated


Guidelines

  • Don’t put anything on production
  • Try to make as many reusable tasks as you can
  • Don’t post code in public repositories
  • Download tools from genuine sources; don’t use cracked tools
  • Don’t hack/test on the production environment


Winner

The team with the highest total points will be the winner

References

  1. https://docs.google.com/document/d/1N7VgdQdOzUBCnRFfftRsnI3IY6z07A427ienIjMQYDQ/edit?usp=sharing


ZetaHacks 1.0 (Security)


Prerequisites

Team: 4 members or less, you can go solo too 🙂

Scope: Any Zeta product-specific application hosted on stage/preprod (need to discuss)

Duration: 1 day

Submissions: Create a Zeta Bitbucket repo named ztc4hackathon_{{team_name}}. Create a directory under the repo for each vulnerability found and add the PoC code, evidence, screenshots, etc. Also create a Google Sheet with the same name as the repo, and record each vulnerability name with its matching directory name. Updates to the Google Sheet after the hackathon deadline are discouraged and will not be considered.


Scoring Mechanism

  • Points are awarded based on the severity of the vulnerability found
  • Severity of a vulnerability is rated using CVSS[1] and the vulnerability rating taxonomy[2]
  • Working exploit or Proof of Concept (PoC)
  • Detailed documentation explaining the steps to reproduce and fix the vulnerability


Guidelines

  • Don’t launch DDoS/DoS attacks
  • No automated scans
  • Don’t post code in public repositories
  • Download tools from genuine sources; don’t use cracked tools
  • Missing HTTP security headers are not in scope (see https://www.owasp.org/index.php/List_of_useful_HTTP_headers), e.g.
    • Strict-Transport-Security
    • X-Frame-Options
    • X-XSS-Protection
    • X-Content-Type-Options
    • Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP
    • Content-Security-Policy-Report-Only
  • Don’t hack/test on the production environment


Winner

The team with the highest points will be the winner, based on total points earned from vulnerabilities submitted by the team


Challenges

Bring up the applications immediately if they are down


References

  1. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
  2. https://bugcrowd.com/vulnerability-rating-taxonomy
  3. Technical reading: https://owasp.org/www-project-top-ten/
  4. Tools: PortSwigger Burp Suite, OWASP ZAP, Fiddler, browser developer tools


ZetaHacks 1.0 (Fusion)


Description

Fusion is an API-based product designed to provide Banking-as-a-Service. It is a platform developed for fintech developers to manage accounts, issue physical, digital or tokenized cards, control spends on channels, levy fees, charges and interest, and so on.

In its simplest form, Fusion provides you with a set of APIs that help you build solutions for the fintech use cases you are going after, thereby reducing your prototyping cost, the iterations needed to reach a minimum viable product, and the time-to-market for your go-to-market product.

To use Fusion, we need to understand some key entities such as VBO, Account, Account Holder, Application, Bundles, etc. All the required details can be found in the public documentation of Fusion provided in the reference material.


Prerequisites

To use the Fusion APIs, each team will need an authorization token. The token will be provided by the Fusion team on registering for the Hackathon.


Team: 4 members or less, you can go solo too 🙂 


Duration: 1 day


Submissions: 

  • Create a Zeta Bitbucket repo named zetahacks_1_0_{{team_name}}
  • Please include a README file to explain the idea/problem statement. Also, add steps to execute the program.
  • It should be a working PoC with clearly written steps to execute the functionality. Feel free to add an organized Postman collection needs to be provided as a part of the submission.


Reference material

  1. Fusion public API documentation: https://docs.zetaapps.in/display/fusion/Overview
  2. Postman collection: https://www.getpostman.com/collections/3ae5c6201be0c81d320c


Evaluation criteria

  1. Quality and usability of the idea. 
  2. User experience and functionality. 
  3. Uniqueness of the solution. 
  4. The larger the problem statement addressed, the better 🙂
  5. Accuracy and thoroughness in execution.


Sample problems

  1. Family expenditure: Provide a mechanism for a family to share an account amongst all members and set up transaction limits.
  2. Corporate employees flow: Set up a corporation and provide a salary disbursement mechanism for all of its employees.
  3. Friends expense sharing: Allow friends to pool funds and spend.


DOs and DON’Ts

  1. Do not execute on Production; use PRE-PROD endpoints.
  2. Don’t post code in public repositories.
  3. Do raise your hand for any help, be it design or any technical queries.
  4. Form a team with a good mix of skill sets, such as UI, UX, product and back-end engineers.
