To help businesses deal with the all-too-real threat of hacking and information theft, Sydney-based startup Secure Code Warrior has developed an online platform to help train programmers in cyber-security through a gamified testing process.
Secure Code Warrior is a suite of hands-on, interactive learning scenarios that enable developers to master secure coding techniques in different development languages and frameworks.
It goes beyond multiple-choice techniques and offers hands-on challenges, where software design and code needs to be analyzed for security weaknesses. Once the weaknesses are identified, the developer needs to modify the code to remediate or mitigate the weaknesses.
Upon creating an account, the user progresses through training and assessment on the website’s portal. The platform enables users to hone their cyber-security skills by completing different “missions” based around a gamified scoring system. Another feature of the app— businesses are able to test their employees’ cyber-security skills using a traditional testing format.
Explaining how the testing mode operates, the startup’s founder, Pieter Danheiux, said that each mission involves presenting a user with a block of code containing a cyber-security flaw, before challenging them to uncover and patch the flaw by writing in the correct measures.
The scoring system informs the core of the platform’s gamified processes, whereby a user is rewarded with points for each challenge they complete, a value which changes based on how difficult the mission is.
If a user completes enough missions and breaches the high scores section, they are able to mark their territory by entering their name, similar to how a player would punch in their initials into a retro arcade machine after achieving a large score.
In terms of difficulty, Danheiux said the missions themselves can be accessed from graduate to high level programmer, presuming they know the language they’re testing for. He stated,
There’s over forty challenges per programming language in the basic section alone, while the mature and popular languages stretch to 350 total. You can play that in teams with your colleagues, to find where you sit with your peers. The assessment mode works basically like an exam, where there’s no points and no hints. It’s really valuable for a business, as they can use it to filter people that they hire to test if they know security.
Developing the Secure Code Warrior platform emerged from Danheiux and his coworkers identifying a consistent issue with businesses dealing with cyber-security. Danheiux’s team, who tested the cyber-security of different banks and businesses, noticed the same “loopholes” in their client’s code popping up over and over again. He added,
It’s practically always possible to always break in. The main reason is that many software developers are never trained in these loopholes, unless somebody shows them what it looks like and how to stop writing it. We thought that finding the same problem wasn’t helping, so we thought that educating developers could help, in a fun and engaging way.
The startup now offers tournaments or hack-a-thons which sets programming teams in a room to compete against each other for high scores and physical prizes, with the purpose of training their cyber-security skills while encouraging them to come back to the platform to learn more.
