Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Welcome to the Secure Coding Dojo wiki!
Please review the wiki pages for information on compiling, deploying and enhancing this project.
The Secure Coding Dojo is a platform for delivering secure coding training. While it provides two vulnerable training applications the training portal can be used in conjunction with other applications as well.
- "Insecure.Inc" is a Java site that demonstrates simple exploits based on SANS Top 25/OWASP Top 10
- "Hacker's Den" is a Serverless application for more advanced users based on OWASP Top 10
While training sites to teach application security concepts are not new, the target audience has traditionally been pen-testers and ethical hackers. The Secure Coding Dojo is primarily intended as a delivery platform for developers and here's why:
- The predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
- The predefined hacking challenges are created for entry level and keep the developers engaged
- In other training sites or CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
- There are tips that help the developers as they are exploiting the issue to avoid getting stuck
- It integrates with Slack for authentication!
- It also integrates with Google, ADFS, LDAP and local user database
- It allows grouping of participants according to their development teams
- It allows teams to track progress and compete with each other
- Each lesson is built as an attack/defence pair. The developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defences (code blocks)