-
Notifications
You must be signed in to change notification settings - Fork 140
Home
Paul Ionescu edited this page Oct 15, 2020
·
7 revisions
Please review the wiki pages for information on compiling, deploying and enhancing this project.
The Secure Coding Dojo is a platform for delivering secure coding training. While it provides a set of vulnerable training applications the training portal can be extended and used in conjunction with other applications as well.
Training applications:
- "Insecure.Inc" is a Java site that demonstrates simple exploits based on SANS Top 25/OWASP Top 10
- "Hacker's Den" is a Serverless application for more advanced users based on OWASP Top 10
- "Security Code Review 101" is a static web site that runs directly from the Dojo Github
- "Red Team/Blue Team" is an insecure container image
The Secure Coding Dojo is primarily intended as a delivery platform for developers and here's why:
- The predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
- The predefined hacking challenges are created for entry level and keep the developers engaged
- In other training sites or CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
- There are tips that help the developers as they are exploiting the issue to avoid getting stuck
- It integrates with Slack for authentication!
- It also integrates with Google, ADFS, LDAP and local user database
- It allows grouping of participants according to their development teams
- It allows teams to track progress and compete with each other
- Each lesson is built as an attack/defence pair. The developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defences (code blocks)