The Challenges
Short, sharp targets. One flag each. Every challenge teaches a single vulnerability class against a believable fictional app.
Knockdown
A maker community for flat-pack furniture. Every build exports to one portable file you can share, and anyone can paste that file back in to restore the whole design — cut list, hardware, and the rendered preview, exactly as it shipped.
Cookbook
A recipe manager and meal planner. You can export any recipe to a portable backup and import it on another device — and the restore step trusts the backup a little too much.
TicketSeason
A verified hockey-ticket marketplace that keeps you signed in between visits by stashing your account in a "remember me" cookie. The box office trusts whatever it finds in there.
Almanac
Almanac is a private journaling app — write dated entries, keep your photos, and carry the whole archive between devices. The catch is the "carry it across" part: exporting your capsule and importing it on another device are two halves of the same trusting handshake.
Folio Coffee Co
A specialty-coffee roaster lets subscribers personalize the printed card that ships in every monthly bag. The shortcode system runs through the storefront's template engine, server-side, with sandbox off by design — customers wanted conditionals.
Pocketmic
A buy-me-a-coffee-style tip jar for indie podcasters. Listeners leave a few bucks and an optional thank-you note that gets emailed to the host. No response, no preview — but the thank-you redirect carries a tiny performance metric in its headers.
Foundry Comics
Brooklyn indie micro-press with an open submissions portal. Would-be contributors paste a pitch into the submit-preview tool and see how the editor will read it — folded into the house style and rendered server-side. The portal kept the previous owner's stack alongside the rebuild, so different sessions hit different code paths.
Quoted
An indie reading-highlights service for power-readers. Users can customise the layout of their weekly digest email through a small sandboxed templating language — the kind of feature a careful developer adds, then tries to lock down.
BlockPixel Goods
A three-person indie shop that prints custom pixel-art apparel. Customers can put their own gamer-tag and a one-line slogan on every product. The personalize-this-item preview goes through the storefront's templating layer.