Home
Paul Ionescu edited this page Nov 29, 2017 · 7 revisions
Please review the wiki pages for information on compiling, deploying and enhancing this project.
The Secure Coding Dojo is a platform for delivering secure coding training. While it comes with its own vulnerable training application (the Insecure.Inc website), the training portal can be used in conjunction with other training applications.
While open source training sites that teach application security concepts are not new, the target audience for these sites has been pen-testers and ethical hackers. The Secure Coding Dojo is primarily intended as a delivery platform for developers, and here's why:
- It integrates with Slack for authentication
- It allows grouping of participants according to their development teams
- It allows teams to track progress and compete with each other
- Each lesson is built as an attack/defence pair. The developers can observe the software weaknesses by conducting the attack and, after solving the challenge, they learn about the associated software defences (code blocks)
- The predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25), so the focus is on software errors rather than attack techniques
- The predefined hacking challenges are created for entry level and keep the developers engaged
- In other training sites or CTFs there is a puzzle aspect to the challenges, which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
- There are tips that help the developers avoid getting stuck as they are exploiting the issue