OWASP Secure Coding Dojo



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Secure Coding Dojo
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.

Description
While open source training sites to teach application security concepts are not new the target audience for these sites has been pen-testers and ethical hackers. While a vulnerable site is included with the project the Secure Coding Dojo is not just another vulnerable website. It is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:


 * Integrates with Enterprise environments using Slack, Google and LDAP for authentication
 * It allows grouping of participants according to their development teams
 * It allows teams to track progress and compete with each other
 * Each lesson is built as an attack/defence pair. Developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defenses
 * Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
 * The predefined hacking challenges are created for entry level and keep the developers engaged. Only a browser is needed.
 * With CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
 * There are tips that help the developers as they are exploiting the issue to avoid getting stuck

Licensing
This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0

Roadmap
As of June, 2019, the highest priorities for the next 6 months are:
 * Complete the first draft of the Code Project Template
 * Get other people to review the Code Project Template and provide feedback
 * Incorporate feedback into changes in the Code Project Template
 * Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent Releases will add
 * Docker compose support
 * Refactoring to allow creating lesson plans for various roles.
 * A Security Code Review lesson plan

Getting Involved
Involvement in the development and promotion of Secure Coding Dojo is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:
 * Try it out
 * Have your development team try it out
 * Submit feedback via Github issues
 * Submit pull requests


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources
Follow on Twitter

Installation Package

Source Code

Documentation

Issue Tracker

Video

Project Leader
Paul Ionescu

Related Projects

 * OWASP_Tool_Project_Template
 * OWASP_Documentation_Project_Template

Classifications

 * }