-
Notifications
You must be signed in to change notification settings - Fork 141
Home
Paul Ionescu edited this page Jan 25, 2019
·
7 revisions
Please review the wiki pages for information on compiling, deploying and enhancing this project.
The Secure Coding Dojo is a platform for delivering secure coding training. While it provides two vulnerable training applications the training portal can be used in conjunction with other applications as well.
Vulnerable applications:
- Insecure.Inc is a Java site that demonstrates simple exploits based on SANS Top 25/OWASP Top 10
- Hacker's Den is a Serverless application for more advanced users based on OWASP Top 10
While training sites to teach application security concepts are not new, the target audience has traditionally been pen-testers and ethical hackers. The Secure Coding Dojo is primarily intended as a delivery platform for developers and here's why:
- The predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
- The predefined hacking challenges are created for entry level and keep the developers engaged
- In other training sites or CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
- There are tips that help the developers as they are exploiting the issue to avoid getting stuck
- It integrates with Slack for authentication!
- It also integrates with Google, ADFS, LDAP and local user database
- It allows grouping of participants according to their development teams
- It allows teams to track progress and compete with each other
- Each lesson is built as an attack/defence pair. The developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defences (code blocks)