terminal

SSyC'26

India's First and Only Hybrid Dev+Bug Bounty National Hackathon

Secure Systems
Challenge 2026 (SSyC'26)

Development That Doesn’t End at Deployment.

Production Is the Real Playground.

Comprehensive event documentation and rulebooks will be provided upon joining.

After registration, participants will access the SSyC platform to manage teams, submissions, and reports.

System_Overview

What is SSyC?

Real deployment. Real attacks. Real consequences.

architecture

Team-based Development

Build secure, resilient systems under strict requirements. Deploy your infrastructure and defend it against live human attackers. Your code isn't finished until it survives the red team.

  • Build Phase
  • Fix Window
  • Defense Scoring
security

Solo Bug Bounty

No simulations. No CTF flags. Attack real infrastructure built by other teams. Find vulnerabilities, exploit them, and report them for points and cash bounties in a live environment.

  • Live Exploitation
  • Re-Test Phase
  • Offense Scoring

Participation_Matrix

timer

Commitment & Suitability

Time Investment

Moderate/Intensive: Expect a week-long engagement. Active monitoring during attack windows is crucial for defense teams.

Ideal For
  • Real-system deployment
  • Security feedback loops
  • Infrastructure hardening
Not For
  • Idea-only projects
  • Mockup prototypes
  • Passive participation
checklist

Prerequisites Checklist

Developers
  • check_circle Ability to deploy & maintain cloud infrastructure
  • check_circle Ready for rapid patch response cycles
  • check_circle Team size of 2-4 members
Hackers
  • check_circle Applied web security knowledge (OWASP Top 10)
  • check_circle Responsible disclosure mindset
  • check_circle Report writing skills (CVSS scoring familiarity)

Technical_Challenge_Scope

Problem Statements

Architecting the battleground. Four core systems to be built, secured, and defended.

dns

01. SaaS Platform

Scalable Multi-Tenant SaaS Collaboration Platform

Focus on tenant isolation, RBAC, and admin console.

hub

02. API Gateway

Secure API Gateway & Identity Management System

Focus on auth layer, token management, and service routing.

sync_alt

03. Real-Time Sync

Real-Time Collaborative Document Editing Platform

Focus on sync, conflict resolution, and concurrency.

schedule

04. Job Scheduler

Distributed Job Scheduling & Task Processing System

Focus on queues, worker management, and scalability.

Event_Timeline_Unified

Round 01
Build & Deploy

Dev Track

TBD
Round 02
Live Bug Bounty

BB Track

TBD
Round 03
Fix Window

Dev Track

TBD
Round 04
Re-Test

BB Track

TBD
Conclusion
Final Ranking
emoji_events

Awards

Digital certificates issued, rankings published, confidential vulnerability reports.

sync_alt How Development & Bug Bounty Are Connected

SSyC creates a symbiotic environment where code quality is directly tested by adversarial action. Developers receive real-time vulnerability reports from Bug Bounty participants. This feedback loop forces developers to understand exploit vectors, while attackers learn how modern defenses are implemented in production. It is a continuous cycle of break, fix, and harden.

info Registration Requirements

  • payments Fee 99 INR
  • group Dev Team
    2-4 Members 99 per Team
  • person Bug Bounty
    Solo Only 99 Solo
  • code GitHub Required

school What You Will Actually Learn

  • Secure Infrastructure as Code (IaC)
  • Real-world vulnerability triage
  • Patching under pressure
  • Offensive security methodologies
  • Production deployment pipelines

visibility Transparency & Fairness

All scoring logic is open-source. Bug bounty reports are validated by neutral judges from Genesis Labs. Development uptime is monitored by independent probers. We commit to a level playing field where skill is the only variable.

dns Platform & Data Handling

Participants will be provided isolated cloud environments. All activity is logged for scoring and security. Personal data is minimized and handled according to strict privacy protocols. No persistent data is retained after the event.

How SSyC Will Evolve

SSyC starts as a specialized event for secure systems engineering but aims to become the standard benchmark for full-stack security skills.

Future iterations will introduce automated red-teaming bots, complex microservices architectures, and cross-team collaboration phases. We are building a community where the line between builder and breaker dissolves into pure engineering excellence.

FAQ - Time & Effort

Is this a 24/7 event?

While the infrastructure stays live, specific attack windows are defined to ensure participants can rest. Check the detailed schedule upon registration.

Can I participate in both tracks?

No. To ensure fairness and focus, you must register as either a Developer (Team) or a Bug Bounty Hunter (Solo).