OWASP - User contributions [en]

OWASP Secure Coding Dojo

2019-10-01T02:03:08Z

Paul.ionescu: /* Description */

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==Secure Coding Dojo==
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.

==Description==

The Secure Coding Dojo is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:

* Integrates with Enterprise environments using Slack, Google and LDAP for authentication
* It allows grouping of participants according to their development teams
* It allows teams to track progress and compete with each other
* Each lesson is built as an attack/defence pair. Developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defenses
* Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
* The predefined hacking challenges are created for entry level and keep the developers engaged. Only a browser is needed.
* With CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
* There are tips that help the developers as they are exploiting the issue to avoid getting stuck

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0

==Roadmap==
As of <strong>June, 2019, the highest priorities for the next 6 months</strong> are:
* Complete the first draft of the Code Project Template
* Get other people to review the Code Project Template and provide feedback
* Incorporate feedback into changes in the Code Project Template
* Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent Releases will add
* Docker compose support
* Refactoring to allow creating lesson plans for various roles.
* A Security Code Review lesson plan

==Getting Involved==
Involvement in the development and promotion of <strong>Secure Coding Dojo</strong> is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
* Try it out
* Have your development team try it out
* Submit feedback via Github issues
* Submit pull requests

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://twitter.com/SecureCodeDojo Follow on Twitter]

[https://hub.docker.com/u/securecodingdojo Installation Package]

[https://github.com/trendmicro/SecureCodingDojo Source Code]

[https://github.com/trendmicro/SecureCodingDojo/wiki Documentation]

[https://github.com/trendmicro/SecureCodingDojo/issues Issue Tracker]

[https://github.com/trendmicro/SecureCodingDojo/tree/master/demo Video]

== Project Leader ==
Paul Ionescu

== Related Projects ==

* [[OWASP_Tool_Project_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Code]]

OWASP Secure Coding Dojo

2019-08-04T12:49:26Z

Paul.ionescu: Updated Twitter link.

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==Secure Coding Dojo==
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.

==Description==

While open source training sites to teach application security concepts are not new the target audience for these sites has been pen-testers and ethical hackers.
While a vulnerable site is included with the project the Secure Coding Dojo is not just another vulnerable website. It is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:

* Integrates with Enterprise environments using Slack, Google and LDAP for authentication
* It allows grouping of participants according to their development teams
* It allows teams to track progress and compete with each other
* Each lesson is built as an attack/defence pair. Developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defenses
* Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
* The predefined hacking challenges are created for entry level and keep the developers engaged. Only a browser is needed.
* With CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
* There are tips that help the developers as they are exploiting the issue to avoid getting stuck

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0

==Roadmap==
As of <strong>June, 2019, the highest priorities for the next 6 months</strong> are:
* Complete the first draft of the Code Project Template
* Get other people to review the Code Project Template and provide feedback
* Incorporate feedback into changes in the Code Project Template
* Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent Releases will add
* Docker compose support
* Refactoring to allow creating lesson plans for various roles.
* A Security Code Review lesson plan

==Getting Involved==
Involvement in the development and promotion of <strong>Secure Coding Dojo</strong> is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
* Try it out
* Have your development team try it out
* Submit feedback via Github issues
* Submit pull requests

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://twitter.com/SecureCodeDojo Follow on Twitter]

[https://hub.docker.com/u/securecodingdojo Installation Package]

[https://github.com/trendmicro/SecureCodingDojo Source Code]

[https://github.com/trendmicro/SecureCodingDojo/wiki Documentation]

[https://github.com/trendmicro/SecureCodingDojo/issues Issue Tracker]

[https://github.com/trendmicro/SecureCodingDojo/tree/master/demo Video]

== Project Leader ==
Paul Ionescu

== Related Projects ==

* [[OWASP_Tool_Project_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Code]]

OWASP Secure Coding Dojo

2019-06-25T14:20:10Z

Paul.ionescu: Fist version of the about project page

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Secure Coding Dojo==
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.

==Description==

While open source training sites to teach application security concepts are not new the target audience for these sites has been pen-testers and ethical hackers.
While a vulnerable site is included with the project the Secure Coding Dojo is not just another vulnerable website. It is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:

* Integrates with Enterprise environments using Slack, Google and LDAP for authentication
* It allows grouping of participants according to their development teams
* It allows teams to track progress and compete with each other
* Each lesson is built as an attack/defence pair. Developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defenses
* Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
* The predefined hacking challenges are created for entry level and keep the developers engaged. Only a browser is needed.
* With CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
* There are tips that help the developers as they are exploiting the issue to avoid getting stuck

==Licensing==

This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0

==Roadmap==
As of <strong>June, 2019, the highest priorities for the next 6 months</strong> are:
* Complete the first draft of the Code Project Template
* Get other people to review the Code Project Template and provide feedback
* Incorporate feedback into changes in the Code Project Template
* Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent Releases will add
* Docker compose support
* Refactoring to allow creating lesson plans for various roles.
* A Security Code Review lesson plan

==Getting Involved==
Involvement in the development and promotion of <strong>Secure Coding Dojo</strong> is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
* Try it out
* Have your development team try it out
* Submit feedback via Github issues
* Submit pull requests

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://twitter.com/SecCodingDojo Follow on Twitter]

[https://hub.docker.com/u/securecodingdojo Installation Package]

[https://github.com/trendmicro/SecureCodingDojo Source Code]

[https://github.com/trendmicro/SecureCodingDojo/wiki Documentation]

[https://github.com/trendmicro/SecureCodingDojo/issues Issue Tracker]

[https://github.com/trendmicro/SecureCodingDojo/tree/master/demo Video]

== Project Leader ==
Paul Ionescu

== Related Projects ==

* [[OWASP_Tool_Project_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Code]]