OWASP Secure Coding Dojo

Secure Coding Dojo

The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is designed for development organizations of all sizes, from small teams in startups or university classrooms to large enterprises.

Description

The Secure Coding Dojo is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:

  • Integrates with Enterprise environments using Slack, Google and LDAP for authentication
  • It allows grouping of participants according to their development teams
  • It allows teams to track progress and compete with each other
  • Each lesson is built as an attack/defence pair. Developers observe the software weakness by conducting the attack, and after solving the challenge they learn about the associated software defenses
  • Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25), so the focus is on software errors rather than attack techniques
  • The predefined hacking challenges are entry level and keep developers engaged. Only a browser is needed.
  • With CTFs there is a puzzle aspect to the challenges, which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
  • Tips help developers avoid getting stuck while they are exploiting the issue

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0.

Roadmap

As of June 2019, the highest priorities for the next 6 months are:

  • Complete the first draft of the Code Project Template
  • Get other people to review the Code Project Template and provide feedback
  • Incorporate feedback into changes in the Code Project Template
  • Finalize the Code Project Template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent releases will add:

  • Docker compose support
  • Refactoring to allow creating lesson plans for various roles.
  • A Security Code Review lesson plan

Getting Involved

Involvement in the development and promotion of Secure Coding Dojo is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

  • Try it out
  • Have your development team try it out
  • Submit feedback via GitHub issues
  • Submit pull requests

Project Resources

Follow on Twitter

Installation Package

Source Code

Documentation

Issue Tracker

Video

Project Leader

Paul Ionescu

Related Projects

Classifications

  • Project Type: Code
  • Incubator Project
  • Builders
  • Defenders
  • Affero General Public License 3.0