Secure Coding Dojo
The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.
Description
While open source training sites that teach application security concepts are not new, their target audience has been pen-testers and ethical hackers.
While a vulnerable site is included with the project, the Secure Coding Dojo is not just another vulnerable website. It is a training platform that can be customized to integrate with custom vulnerable websites and other CTF challenges.
Here are some of the features:
- Integrates with enterprise environments using Slack, Google and LDAP for authentication.
- Allows grouping of participants according to their development teams.
- Allows teams to track progress and compete with each other.
- Each lesson is built as an attack/defence pair. Developers observe the software weakness by conducting the attack, and after solving the challenge they learn about the associated software defences.
- Predefined lessons are based on the MITRE most dangerous software errors (also known as the SANS 25), so the focus is on software errors rather than attack techniques.
- The predefined hacking challenges are designed for an entry-level audience and keep developers engaged. Only a browser is needed.
- CTFs have a puzzle aspect to their challenges, which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
- Tips help developers avoid getting stuck while they are exploiting the issue.
Licensing
This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0.
Roadmap
As of June, 2019, the highest priorities for the next 6 months are:
- Complete the first draft of the Code Project Template
- Get other people to review the Code Project Template and provide feedback
- Incorporate feedback into changes in the Code Project Template
- Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project
Subsequent releases will add:
- Docker Compose support
- Refactoring to allow creating lesson plans for various roles
- A Security Code Review lesson plan
Getting Involved
Involvement in the development and promotion of Secure Coding Dojo is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
- Try it out
- Have your development team try it out
- Submit feedback via GitHub issues
- Submit pull requests