To help businesses deal with the all-too-real threat of hacking and information theft, Sydney-based startup Secure Code Warrior has developed an online platform to help train programmers in cyber-security through a gamified testing process.
Secure Code Warrior is a suite of hands-on, interactive learning scenarios that enable developers to master secure coding techniques in different development languages and frameworks.
It goes beyond multiple-choice techniques and offers hands-on challenges, where software design and code needs to be analyzed for security weaknesses. Once the weaknesses are identified, the developer needs to modify the code to remediate or mitigate the weaknesses.
Upon creating an account, the user progresses through training and assessment on the websiteâs portal. The platform enables users to hone their cyber-security skills by completing different âmissionsâ based around a gamified scoring system. Another feature of the appâ businesses are able to test their employeesâ cyber-security skills using a traditional testing format.
Explaining how the testing mode operates, the startupâs founder, Pieter Danheiux, said that each mission involves presenting a user with a block of code containing a cyber-security flaw, before challenging them to uncover and patch the flaw by writing in the correct measures.
The scoring system informs the core of the platformâs gamified processes, whereby a user is rewarded with points for each challenge they complete, a value which changes based on how difficult the mission is.
If a user completes enough missions and breaches the high scores section, they are able to mark their territory by entering their name, similar to how a player would punch in their initials into a retro arcade machine after achieving a large score.
In terms of difficulty, Danheiux said the missions themselves can be accessed from graduate to high level programmer, presuming they know the language theyâre testing for. He stated,
Thereâs over forty challenges per programming language in the basic section alone, while the mature and popular languages stretch to 350 total. You can play that in teams with your colleagues, to find where you sit with your peers. The assessment mode works basically like an exam, where thereâs no points and no hints. Itâs really valuable for a business, as they can use it to filter people that they hire to test if they know security.
Developing the Secure Code Warrior platform emerged from Danheiux and his coworkers identifying a consistent issue with businesses dealing with cyber-security. Danheiuxâs team, who tested the cyber-security of different banks and businesses, noticed the same âloopholesâ in their clientâs code popping up over and over again. He added,
Itâs practically always possible to always break in. The main reason is that many software developers are never trained in these loopholes, unless somebody shows them what it looks like and how to stop writing it. We thought that finding the same problem wasnât helping, so we thought that educating developers could help, in a fun and engaging way.
The startup now offers tournaments or hack-a-thons which sets programming teams in a room to compete against each other for high scores and physical prizes, with the purpose of training their cyber-security skills while encouraging them to come back to the platform to learn more.