Secure Coding Dojo
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.
The Secure Coding Dojo is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.
Here are some of the features:
- Integrates with Enterprise environments using Slack, Google and LDAP for authentication
- It allows grouping of participants according to their development teams
- It allows teams to track progress and compete with each other
- Each lesson is built as an attack/defence pair. Developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defenses
- Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
- The predefined hacking challenges are created for entry level and keep the developers engaged. Only a browser is needed.
- With CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
- There are tips that help the developers as they are exploiting the issue to avoid getting stuck
This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0
As of June, 2019, the highest priorities for the next 6 months are:
- Complete the first draft of the Code Project Template
- Get other people to review the Code Project Template and provide feedback
- Incorporate feedback into changes in the Code Project Template
- Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project
Subsequent Releases will add
- Docker compose support
- Refactoring to allow creating lesson plans for various roles.
- A Security Code Review lesson plan
Involvement in the development and promotion of Secure Coding Dojo is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
- Try it out
- Have your development team try it out
- Submit feedback via Github issues
- Submit pull requests