New game sharpens secure coding skills
Today at Black Hat, Checkmarx launched Game of Hacks, a challenging game for software developers and security professionals to test their application hacking skills, improve their code security know-how and facilitate better security practices in the hope of reducing the number of vulnerabilities in their applications.
The game, which is available for desktop, tablet and mobile, presents the developer with vulnerable pieces of code and challenges them to identify the application-layer vulnerability as quickly as possible. It also has a 2-player mode that lets developers battle head-to-head.
The game consists of questions asking users to identify vulnerabilities including SQL injection, XSS, log forgery, path traversal, parameter tampering and many others, in different programming languages including C#, Groovy, Java, JavaScript, ASP, C++, PHP and Ruby.
Additionally, developers can add their own questions and vulnerable code to the game, in any programming language and highlighting any vulnerabilities, meaning that the game’s scope grows as more users join.
“Building an application and keeping it secure is a lot of work. One unchecked step can leave it exploitable by hackers. Through the ‘Game of Hacks’, Checkmarx aims to raise awareness amongst software developers of the need to ensure their code is secure,” Maty Siman, CTO of Checkmarx, told Help Net Security.
“As more applications handle large amounts of private consumer data, Checkmarx allows developers to quickly identify security vulnerabilities and regulatory compliance issues, and show them where and how to fix them,” he continued.
Checkmarx helps companies and organizations secure their mobile and web applications by providing a solution that identifies software security flaws at an early stage in the development process, ensuring that any flaws that may have been overlooked are caught well before the software is released.
The company’s technology scans uncompiled source code quickly and effectively, identifying security vulnerabilities and regulatory compliance issues that are then reported to developers and security auditors with guidelines to fix them.