Mobile Defense and Intelligence: Build Fast, Defend Smarter

UiTM Mobile SECOPS
21Days Challenge

A 3-week applied competition to uncover UiTM’s most capable full-stack engineers. Build secure, intelligent mobile prototypes.

24 Nov - 17 Dec 2025
RM 4,000 Prize Pool
Team ClaRity

1. Overview

The Mobile SecOps 21 Days Challenge is a 3-week applied competition designed to uncover UiTM’s most capable full-stack engineers. Participants will develop secure, intelligent mobile prototypes that blend front-end usability, back-end integrity, and AI-driven defense.

This challenge is designed to simulate real DevSecOps environments using the Rentverse architecture, integrating best practices from:

1. Frontend Engineering
2. Backend Architecture
3. AI/ML Systems
4. DevOps & Systems Integration

The aim is to:

  • Foster DevSecOps mindset and secure coding culture
  • Discover top talent for Metairflow R&D
  • Strengthen UiTM–Industry collaboration
  • Demonstrate secure software engineering across the full stack

2. Instructions

1. Clone the Base Repository
   Use the following repository link for the challenge base: Rentverse Platform for UiTM Mobile SecOps Challenge
   https://github.com/UiTM-SecOps-Challenge
2. Create a New Repository
   ● After cloning, create a new private repository under your own GitHub account or organization.
   ● Name your repository as follows: uitm-devops-challenge_<team-name>
3. Push Your Work to the New Repository
4. Collaborate & Commit

Consultation Booking

Consultant | Area | Slots | Booking Link
Mr. M Ridha Ansari | AI Model | 8 slots | Book Here
Mr. Joko Yuliyanto | Backend | 7 slots | Book Here
Mr. Yogawan Aditya Pratama | Frontend | 8 slots | Book Here
Mr. Alie Pratama | Integration | 8 slots | Book Here

3. User Roles

Role | Key Responsibility
Student Developer | Build secure mobile prototype + documentation + presentation
Evaluator / Judge | Assess technical and security competence using rubric
System User | Simulate real user flow and test defensive responses

4. Core Development Modules

1. Secure Login & MFA
★★

Create MFA/OTP-based login with role-based access.

Security Focus: Authentication & Authorization (OWASP M1–M3)
sequenceDiagram
  User->>App: Login
  App->>Server: Validate Creds
  Server-->>App: Request OTP
  User->>App: Enter OTP
  App->>Server: Verify OTP
  Server-->>App: JWT Token
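The "Request OTP" and "Verify OTP" steps of the flow above, as an added example that is not part of the Rentverse code base. The lifetime, the attempt cap, the in-memory store and the function names are assumptions chosen for illustration.

```javascript
// Added example (not Rentverse code): server-side OTP issue and verify.
const crypto = require("node:crypto");

const OTP_TTL_MS = 2 * 60 * 1000; // assumed lifetime: 2 minutes
const MAX_ATTEMPTS = 3;           // assumed attempt cap per challenge
const pending = new Map();        // userId -> { hash, expires, attempts }

// Hashing gives equal-length buffers for the constant-time comparison
// and keeps the plain code out of the store.
const hashOtp = (otp) => crypto.createHash("sha256").update(otp).digest();

// "Server-->>App: Request OTP": call only after the credentials validated.
function issueOtp(userId, now = Date.now()) {
  const otp = crypto.randomInt(0, 1_000_000).toString().padStart(6, "0");
  pending.set(userId, { hash: hashOtp(otp), expires: now + OTP_TTL_MS, attempts: 0 });
  return otp; // delivered out of band (SMS, e-mail, authenticator push)
}

// "App->>Server: Verify OTP": succeeds at most once per challenge.
function verifyOtp(userId, otp, now = Date.now()) {
  const challenge = pending.get(userId);
  if (!challenge) return false;
  if (now > challenge.expires || challenge.attempts >= MAX_ATTEMPTS) {
    pending.delete(userId); // expired or guessed too often: force a new login
    return false;
  }
  challenge.attempts += 1;
  const ok = crypto.timingSafeEqual(challenge.hash, hashOtp(String(otp)));
  if (ok) pending.delete(userId); // single use; the caller now issues the JWT
  return ok;
}
```

The JWT is issued only after `verifyOtp` returns true, and the role claim it carries is what the role-based access checks read.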
2. Secure API Gateway
★★

Apply HTTPS, JWT tokens, rate-limiting, and access validation.

Security Focus: Secure Communication (OWASP M5–M6)
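// Middleware example (Express-style); verify() is the app's own JWT check
function requireAuth(req, res, next) {
  const token = (req.headers.authorization || "").replace(/^Bearer /, "");
  if (!token || !verify(token)) {
    // Send the response; res.status(401) alone leaves the request hanging
    return res.status(401).json({ error: "unauthorized" });
  }
  next();
}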
3. Digital Agreement
★★

Reuse the rentverse module but add secure signature validation and access permissions.

Security Focus: Data Integrity & Workflow Validation
Integrity Check:
Hash(Doc) + Sign(User) == Valid
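One way to implement the integrity check above together with the access-permission rule, as an added example that is not part of the Rentverse module. It assumes Ed25519 user keys and SHA-256 over a canonical form of the agreement; the sample agreement, user names and function names are constructed.

```javascript
// Added example (not Rentverse code): sign and verify a rental agreement.
const crypto = require("node:crypto");

// Constructed sample data: each user holds an Ed25519 key pair.
const users = {
  tenant: crypto.generateKeyPairSync("ed25519"),
  owner: crypto.generateKeyPairSync("ed25519"),
  outsider: crypto.generateKeyPairSync("ed25519"),
};
const agreement = {
  id: "AGR-0001", // constructed identifier
  parties: ["tenant", "owner"],
  body: "Monthly rent RM 1,500, 12-month term.",
};

// Hash(Doc): cover id, parties and body so none can change unnoticed.
function digest(doc) {
  const canonical = JSON.stringify([doc.id, doc.parties, doc.body]);
  return crypto.createHash("sha256").update(canonical).digest();
}

// Sign(User): access permission first, only a listed party may sign.
function signAgreement(doc, userId) {
  if (!doc.parties.includes(userId)) throw new Error("not a party");
  const sig = crypto.sign(null, digest(doc), users[userId].privateKey);
  return { userId, sig: sig.toString("base64") };
}

// == Valid: the claimed signer is a party and the signature matches
// the hash of the document as it is now.
function verifyAgreement(doc, { userId, sig }) {
  if (!doc.parties.includes(userId) || !users[userId]) return false;
  return crypto.verify(null, digest(doc), users[userId].publicKey,
    Buffer.from(sig, "base64"));
}

const receipt = signAgreement(agreement, "tenant");
console.log(verifyAgreement(agreement, receipt));
```

Verification recomputes the hash from the stored document, so any edit to the body after signing invalidates every existing signature.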
4. Smart Notification
★★

Log user activities and alert suspicious login patterns.

Security Focus: DevSecOps Monitoring & Incident Detection
{
 "event": "LOGIN_FAILED",
 "ip": "192.168.1.50",
 "risk": "HIGH"
}
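A rule-based detector that produces events in the shape shown above from a stream of login records, as an added example that is not part of the Rentverse code base. The thresholds, the window, the LOGIN_OK and LOGIN_AFTER_FAILURES event names and the sample log are assumptions constructed for illustration.

```javascript
// Added example (not Rentverse code): sliding-window scoring of login events.
const WINDOW_MS = 5 * 60 * 1000; // assumed look-back window per source IP
const MEDIUM_FAILURES = 3;       // assumed thresholds
const HIGH_FAILURES = 5;
const HIGH_DISTINCT_USERS = 3;   // one IP failing against many accounts

function scoreLogins(events) {
  const failuresByIp = new Map(); // ip -> [{ ts, user }] inside the window
  const alerts = [];
  for (const e of [...events].sort((a, b) => a.ts - b.ts)) {
    const recent = (failuresByIp.get(e.ip) || [])
      .filter((f) => e.ts - f.ts <= WINDOW_MS);
    if (e.event === "LOGIN_FAILED") {
      recent.push({ ts: e.ts, user: e.user });
      const users = new Set(recent.map((f) => f.user)).size;
      let risk = "LOW";
      if (recent.length >= MEDIUM_FAILURES) risk = "MEDIUM";
      if (recent.length >= HIGH_FAILURES || users >= HIGH_DISTINCT_USERS) risk = "HIGH";
      alerts.push({ event: e.event, ip: e.ip, risk, failures: recent.length });
    } else if (e.event === "LOGIN_OK" && recent.length >= HIGH_FAILURES) {
      // A success right after a burst of failures deserves a second look.
      alerts.push({ event: "LOGIN_AFTER_FAILURES", ip: e.ip, risk: "HIGH", user: e.user });
      recent.length = 0;
    }
    failuresByIp.set(e.ip, recent);
  }
  return alerts;
}

// Constructed sample log (ts in milliseconds, private-range IPs).
const sampleLog = [
  { ts: 0, event: "LOGIN_FAILED", ip: "192.168.1.50", user: "aina" },
  { ts: 20000, event: "LOGIN_FAILED", ip: "192.168.1.50", user: "aina" },
  { ts: 30000, event: "LOGIN_FAILED", ip: "192.168.1.77", user: "badrul" },
  { ts: 40000, event: "LOGIN_FAILED", ip: "192.168.1.50", user: "aina" },
  { ts: 60000, event: "LOGIN_FAILED", ip: "192.168.1.50", user: "aina" },
  { ts: 80000, event: "LOGIN_FAILED", ip: "192.168.1.50", user: "aina" },
  { ts: 100000, event: "LOGIN_OK", ip: "192.168.1.50", user: "aina" },
  { ts: 630000, event: "LOGIN_FAILED", ip: "192.168.1.77", user: "badrul" },
];

console.log(scoreLogins(sampleLog));
```

The same alert objects can feed the admin dashboard in module 5, since each carries the source IP and the risk level.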
5. Activity Dashboard
★★★

Provide admin-level logs for failed logins and critical actions.

Security Focus: Threat Visualization & Accountability
Threat Spike Detected
6. CI/CD Security
★★★

Integrate GitHub Actions or Jenkins for static code analysis (SAST) and deployment checks.

Security Focus: Continuous Testing (DevSecOps)
- name: Init CodeQL
  uses: github/codeql-action/init@v3
- name: Run SAST
  uses: github/codeql-action/analyze@v3

5. Bonus Pack – Feature Innovation Pool (RM 2,000)

To promote creativity, additional rewards will be offered for exceptional modules under the Feature Innovation Pool. Teams may earn multiple bonus prizes within this pool for implementing advanced or original features.

Bonus Category | Description | Bonus (RM)
Threat Intelligence System | Develop a lightweight AI or rule-based module that detects unusual access patterns, repeated failed logins, or potential intrusion attempts. | 500
Zero-Trust Access Logic | Implement conditional access (e.g., block unfamiliar devices, auto-logout on network switch, or geolocation-based sign-in restrictions). | 500
Adaptive Defense Dashboard | Build an interactive dashboard that visualizes system risk levels and auto-responds to flagged events (lock account, send admin alert). | 500
Automated Security Testing | Integrate tools like OWASP ZAP, MobSF, or GitHub Actions to run vulnerability scans before each deployment. | 500

Bonus allocation is flexible and determined by the judging panel based on quality and innovation. Total pool value: RM 2,000.

6. Evaluation Rubric

30%

Security Implementation

OWASP & DevSecOps compliance, defense mechanisms.

25%

Security & Resilience

Effectiveness of protection and testing coverage.

20%

Technical Execution

Code quality, CI/CD integration, performance.

15%

UX/UI Design

Usability and clarity.

15%

Presentation

Clarity, confidence, collaboration.

7. Prize Distribution (RM 4,000)

RM 1,200

Top Technical Team

Complete all modules with outstanding security & performance design.

RM 800

Best Secure Design Team

Best implementation of automated testing and secure deployment pipeline.

RM 2,000

Feature Innovation Pool

Advanced threat-defense and automation modules (Threat Intel, Zero-Trust, etc.).

8. Deliverables

  • Source code repository (GitHub or zip file)
  • App build (APK / TestFlight)
  • Technical documentation (README + flow diagram)
  • 3-min demo video

9. IP & Collaboration Clause

All submitted works remain property of the student teams. However, Metairflow R&D Sdn. Bhd. reserves the right to review and adapt outstanding modules for internal research or prototype testing (with proper credit to the team).

10. Final Submission

Please complete this form to submit your team’s final work.

📌 Deadline: 17th December 2025
📌 Evaluation: 18th – 21st December 2025
📌 Final Pitching: Details shared after evaluation.
Submit Here

Checklist:

  • README file
  • How-to-use instructions
  • Special features explanation
  • GitHub repository link
  • Demo system (live link or video)