This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Secure Coding Dojo"

From OWASP
Jump to: navigation, search
(Fist version of the about project page)
(Description)
 
(One intermediate revision by the same user not shown)
Line 4: Line 4:
 
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
  
 
+
==Secure Coding Dojo==
==OWASP Secure Coding Dojo==
 
 
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.
 
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.
  
 
==Description==
 
==Description==
  
While open source training sites to teach application security concepts are not new the target audience for these sites has been pen-testers and ethical hackers.
+
The Secure Coding Dojo is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.
While a vulnerable site is included with the project the Secure Coding Dojo is not just another vulnerable website. It is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.
 
  
 
Here are some of the features:
 
Here are some of the features:
Line 53: Line 51:
  
 
== Project Resources ==
 
== Project Resources ==
[https://twitter.com/SecCodingDojo Follow on Twitter]
+
[https://twitter.com/SecureCodeDojo Follow on Twitter]
  
 
[https://hub.docker.com/u/securecodingdojo Installation Package]
 
[https://hub.docker.com/u/securecodingdojo Installation Package]

Latest revision as of 02:03, 1 October 2019

OWASP Project Header.jpg

Secure Coding Dojo

The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.

Description

The Secure Coding Dojo is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:

  • Integrates with Enterprise environments using Slack, Google and LDAP for authentication
  • It allows grouping of participants according to their development teams
  • It allows teams to track progress and compete with each other
  • Each lesson is built as an attack/defence pair. Developers can observe the software weaknesses by conducting the attack and after solving the challenge they learn about the associated software defenses
  • Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25) so the focus is on software errors rather than attack techniques
  • The predefined hacking challenges are created for entry level and keep the developers engaged. Only a browser is needed.
  • With CTFs there is a puzzle aspect to the challenges which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
  • There are tips that help the developers as they are exploiting the issue to avoid getting stuck

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0

Roadmap

As of June, 2019, the highest priorities for the next 6 months are:

  • Complete the first draft of the Code Project Template
  • Get other people to review the Code Project Template and provide feedback
  • Incorporate feedback into changes in the Code Project Template
  • Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

  • Docker compose support
  • Refactoring to allow creating lesson plans for various roles.
  • A Security Code Review lesson plan

Getting Involved

Involvement in the development and promotion of Secure Coding Dojo is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

  • Try it out
  • Have your development team try it out
  • Submit feedback via Github issues
  • Submit pull requests

Project Resources

Follow on Twitter

Installation Package

Source Code

Documentation

Issue Tracker

Video

Project Leader

Paul Ionescu

Related Projects

Classifications

Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png
Affero General Public License 3.0
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Dojo&oldid=255093"