Secure Code Warrior® Missions simulate real-world scenarios for developers so they can experience the impact of insecure code and practice their offensive skills, making them better at defending their code and their company's brand reputation.
Just as pilots use a flight simulator to learn to recognize and pre-empt risk, Missions do the same for developers, helping to increase their secure coding knowledge and prevent poor coding practices before they occur.
Missions aren't for the faint of heart, but hints are available to provide some guidance when needed.
Each Mission is an immersive simulation of a real-world app allowing developers to practice their secure coding skills in a safe environment.
There are 72 playable Missions plus 7 public Missions. To see for yourself what your developers will experience, check out our publicly available Mission here: https://www.securecodewarrior.com/lp/fly-a-test-mission
Covered Vulnerabilities
- Access Control - Insecure Direct Object Reference
- Access Control - Missing Function Level Access Control
- Access Control - Missing Object Level Access Control
- Authentication - Improper Authentication
- Authentication - Insecure Password Reset Function
- Business Logic - Insufficient Validation
- Cross-Site Request Forgery - Cross-Site Request Forgery
- Cross-Site Scripting (XSS) - DOM-Based Cross-Site Scripting
- Cross-Site Scripting (XSS) - Reflected Cross-Site Scripting
- Cross-Site Scripting (XSS) - Stored Cross-Site Scripting
- Information Exposure - Error Details
- Information Exposure - Security Misconfiguration
- Information Exposure - Sensitive Data Exposure
- Injection Flaws - Deserialization of Untrusted Data
- Injection Flaws - External Entity Injection
- Injection Flaws - NoSQL Injection
- Injection Flaws - OS Command Injection
- Injection Flaws - Path Traversal
- Injection Flaws - SQL Injection
- Insufficient Logging and Monitoring - Insufficient Logging and Monitoring
- Mass Assignment - Mass Assignment
- Security Misconfiguration - Debug Features Enabled
- Security Misconfiguration - Other
- Sensitive Data Storage - Plaintext Storage of Passwords
- Server-Side Request Forgery - Server-Side Request Forgery (SSRF)
- Session Handling - Weak Session Token Generation
Covered Languages: Frameworks
- C: Basic
- C# (.NET): Basic
- C# (.NET): Core
- C# (.NET): MVC
- C# (.NET): Web API
- C# (.NET): Web Forms
- C++: Basic
- Go: API
- Go: Basic
- Java: Enterprise Edition (Basic)
- Java: Enterprise Edition (JSF)
- Java: Enterprise Edition (JSP)
- Java: Enterprise Edition API
- Java: Spring
- Java: Spring API
- JavaScript: Angular.io (2+)
- JavaScript: Basic
- JavaScript: Node.js (Express)
- JavaScript: Node.js API
- JavaScript: React
- JavaScript: Vue.js
- Kotlin: Spring API
- Perl: Dancer 2
- PHP: Basic
- PHP: Symfony
- Pseudocode: Web
- Python: API
- Python: Basic
- Python: Django
- Python: Flask
- Ruby: Rails
- SAP: ABAP
- Scala: Play