Checkmarx code security game aims to reinforce developer security

Security firms may be trying all sorts of ways to improve developers' security skills, but Israeli application-security firm Checkmarx has taken a different approach with a crowdsourced online game that challenges developers to identify the security flaws in actual samples of code.

The online game, called Game of Hacks, runs on desktops, tablets and smartphones and uses a simple multiple-choice format, with a timer to pressure contestants to pick the vulnerability.

Tested vulnerabilities include SQL injection, XSS, log forgery, path traversal, parameter tampering, and others. The programming languages covered include C#, Groovy, Java, JavaScript, ASP, C++, PHP and Ruby.

Checkmarx founder Maty Siman said the game was intended to “bridge the gap between app developers' coding abilities and their security literacy.

“Thinking like a hacker can ensure developers protect their applications from the most likely exploits. As mobile and web applications grow in popularity, protecting consumer information before it is put at risk is more important than ever.”

Debuting at the Black Hat USA conference this week, the game has been designed to grow over time, with developers able to add their own code samples with a view to building an ever-larger repository of vulnerabilities.

Combined with existing and future samples provided by Checkmarx, Game of Hacks is expected to remain an ongoing resource for IT security managers hoping to raise the profile of information security within their application development teams.

“We’ve been seeing a rise in hackers successfully exploiting vulnerabilities in applications’ codes,” vice president of marketing Asaph Schulman said. “Vulnerabilities that often exist from the early development stage of the software and remain undetected until it’s too late.”

“We repeatedly hear security managers concerned about the secure coding knowledge of their development teams and are looking to provide more training,” he continued. “Game of Hacks was designed to sharpen developers' security acumen in a fun and interactive way so many of the most common security vulnerabilities can be avoided in the first place.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.
