Paul Ionescu edited this page Oct 15, 2020 · 7 revisions

Welcome to the Secure Coding Dojo wiki!

Please review the wiki pages for information on compiling, deploying and enhancing this project.

The Secure Coding Dojo is a platform for delivering secure coding training. While it provides a set of vulnerable training applications, the training portal can also be extended and used in conjunction with other applications.

Training applications:

  • "Insecure.Inc" is a Java site that demonstrates simple exploits based on SANS Top 25/OWASP Top 10
  • "Hacker's Den" is a Serverless application for more advanced users based on OWASP Top 10
  • "Security Code Review 101" is a static web site that runs directly from the Dojo GitHub
  • "Red Team/Blue Team" is an insecure container image

The Secure Coding Dojo is primarily intended as a delivery platform for developers and here's why:

  • The predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25), so the focus is on software errors rather than attack techniques
  • The predefined hacking challenges are entry level and keep the developers engaged
  • In other training sites or CTFs there is a puzzle aspect to the challenges, which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
  • There are tips that help the developers avoid getting stuck while they are exploiting the issue
  • It integrates with Slack for authentication!
  • It also integrates with Google, ADFS, LDAP and a local user database
  • It allows grouping of participants according to their development teams
  • It allows teams to track progress and compete with each other
  • Each lesson is built as an attack/defence pair. The developers observe the software weaknesses by conducting the attack and, after solving the challenge, learn about the associated software defences (code blocks)