- Learn modern secure coding techniques through hands-on exercises.
- Candidates find, exploit & fix security vulnerabilities in real-world applications.
- Real, turn-key, development environment already configured with selected vulnerable exercise.
- Exercises focus on exploitation/remediation or secure coding and target the most common application security issues.
- Live-test changes to the code to instantly learn if the code has been fixed and award points for completing the exercise.
- Community Edition Supported Languages: Java, .NET, NodeJS, Python, PHP, Go, Ruby, Solidity.
- Automated deployment on AWS through CloudFormation.
- Install Exercises from the SecureFlag Exercise Hub or create new with the SecureFlag SDK.
- Assign Learning Paths to align developers' skills according to the company’s risk appetite.
- Setup Tournaments to engage the entire developer community in your organisation.
- Setup and manage Organisations, Teams and Users through the Management interface.
- Get Stats at Organisation, Region, Team and User level to quickly identify gaps.
To install and run SecureFlag Exercises from the ExerciseHub, you need to install the SecureFlag Community Edition Platform. Continue to the installation documentation for more information.
SDK & Exercise Development
The command line tool sfsdk provides an SDK to develop new SecureFlag exercises. The tool allows the:
- Development of new Exercises for the SecureFlag platform.
- Deployment of Exercises on your self-hosted SecureFlag CE platform to be used by your users.
- Publishing of Exercises to the SecureFlag Hub to be used by the entire Community.
The steps illustrated below show the flow to create a new SecureFlag Exercise. Reference the rest of the SDK documentation to learn how to create an exercise image and add a vulnerable application with checks to it. Then write Exercise Metadata for each vulnerability present in the Vulnerable App in the Exercise Image. When ready, publish the exercise to Exercise Hub. The Exercise will be reviewed and then published for the entire community to use!