
OWASP Secure Coding Dojo

Revision as of 02:03, 1 October 2019 by Paul.ionescu (Description)


Secure Coding Dojo

The Secure Coding Dojo is a platform for delivering and tracking security training for developers. The platform is created for development organizations of all sizes: from small teams in startups or university classrooms to large enterprises.


The Secure Coding Dojo is a training platform which can be customized to integrate with custom vulnerable websites and other CTF challenges.

Here are some of the features:

  • Integrates with Enterprise environments using Slack, Google and LDAP for authentication
  • It allows grouping of participants according to their development teams
  • It allows teams to track progress and compete with each other
  • Each lesson is built as an attack/defence pair. Developers observe the software weakness by conducting the attack and, after solving the challenge, learn about the associated software defenses.
  • Predefined lessons are based on the MITRE most dangerous software errors (also known as SANS 25), so the focus is on software errors rather than attack techniques
  • The predefined hacking challenges are designed for entry level and keep the developers engaged. Only a browser is needed.
  • With CTFs there is a puzzle aspect to the challenges, which is great for pen-tester audiences but can make some developers lose interest. In the Secure Coding Dojo the focus is on demonstrating the vulnerability.
  • Tips help the developers avoid getting stuck while they are exploiting the issue


This program is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0.


As of June, 2019, the highest priorities for the next 6 months are:

  • Complete the first draft of the Code Project Template
  • Get other people to review the Code Project Template and provide feedback
  • Incorporate feedback into changes in the Code Project Template
  • Finalize the Code Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent releases will add:

  • Docker compose support
  • Refactoring to allow creating lesson plans for various roles.
  • A Security Code Review lesson plan

Getting Involved

Involvement in the development and promotion of Secure Coding Dojo is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

  • Try it out
  • Have your development team try it out
  • Submit feedback via GitHub issues
  • Submit pull requests

Project Resources

Follow on Twitter

Installation Package

Source Code


Issue Tracker


Project Leader

Paul Ionescu

Related Projects


Incubator Project
Affero General Public License 3.0