OWASP Secure Coding Dojo




Secure Coding Dojo
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.

Description
The Secure Coding Dojo is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:


 * Integrates with enterprise environments using Slack, Google and LDAP for authentication
 * It allows grouping of participants according to their development teams
 * It allows teams to track progress and compete with each other
 * Each lesson is built as an attack/defense pair. Developers observe the software weakness by conducting the attack, and after solving the challenge they learn about the associated software defenses
 * Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
 * The predefined hacking challenges are designed for entry-level participants and keep developers engaged. Only a browser is needed.
 * With CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
 * Tips help developers avoid getting stuck while they are exploiting the issue

Licensing
This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0.

Roadmap
As of June 2019, the highest priorities for the next 6 months are:
 * Complete the first draft of the Code Project Template
 * Get other people to review the Code Project Template and provide feedback
 * Incorporate feedback into changes in the Code Project Template
 * Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent releases will add:
 * Docker compose support
 * Refactoring to allow creating lesson plans for various roles.
 * A Security Code Review lesson plan

Getting Involved
Involvement in the development and promotion of Secure Coding Dojo is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:
 * Try it out
 * Have your development team try it out
 * Submit feedback via GitHub issues
 * Submit pull requests



Project Resources
Follow on Twitter

Installation Package

Source Code

Documentation

Issue Tracker

Video

Project Leader
Paul Ionescu

Related Projects

 * OWASP_Tool_Project_Template
 * OWASP_Documentation_Project_Template
