The idea is to create a game to teach users about security and penetration testing. I started thinking about how being a hardcore gamer turned me into a hacker. For example, let’s take a look at a game called MegaMan; once you encountered a boss, you had to “fuzz” bosses with different weapons to figure out what the boss was vulnerable to. At first, you approach the boss passively to see what the boss can do. Once you understand how the boss interacts with your character, you start firing different weapons to determine what will potentially own the boss. Web application security is no different. You must understand how the web application (boss) is interacting with your browser (character) and begin fuzzing the web application in order to determine what it’s vulnerable to. Imagine a two dimensional side scroller except it teaches the player about security and penetration testing.