What's the best way to understand the vulnerabilities in code? Hack it yourself. This is the idea behind Alert(1) and Win  - a set of JavaScript hacking puzzles.

The idea behind Alert(1) And Win is simple. You are shown a function which generates some code using an input parameter. All you have to to is subvert the code so that you execute an Alert(1) function call.

In a "normal" program calling Alert, is not behavior that the original programmer intended as if you can call Alert you can call just about anything!

Here it's a fun challenge to help you hone your coding skills.

The website allows you to enter a name or just get on with trying out your solution. As long as your entry results in legal JavaScript it shows you the result  - both the HTML you generated and what it did - and if you do manage to call Alert(1) you are rewarded and encouraged to move on to the next problem. Of course, the problems are graduated and there is much gnashing of teeth and wailing about problem 13.

There is a leaderboard and there are comments which can give the game away. Don't go below the "Here be spoilers" warning if you want to have an honest attempt. An added complication is that you are challenged to solve the problem in the smallest number of characters.

Some players are thinking outside the box and attempting to hack the leaderboard or some other aspect of the site. Well I suppose if you paint a target on your chest what else can you you expect.?

As a serious point, the challenge does help you think like an attacker and it does demonstrate that accepting any sort of code input is risky. 

So if you have some time to spare give it a try - but be warned it could take more time than you could possibly imagine....