Application security has become a huge challenge for IT companies worldwide. More and more exploits, causing widespread financial and technical damage, are being reported on almost a daily basis. While primarily taking these security issues head-on, Checkmarx is also providing an interactive solution to promote secure coding standards within organizations.
The Game of Hacks development was directed jointly by Checkmarx CTO Maty Siman and Asaph Schulman, VP of marketing. Due to the overwhelming demand, it is now available for both desktop and mobile. The game is based on the 2013 OWASP Top-10, one of the most comprehensive vulnerability references available today.
The 2014 Black Hat USA conference was selected as the launching pad for the interactive game. The feedback from participants and security professionals was overwhelming. Over 70,000 people have already played the Game of Hacks. Checkmarx is currently in the process of raising the bar by introducing new features and functionality to the existing format.
So what is Game of Hacks all about and how does it help promote secure coding?
CTO Maty Siman commented: “Checkmarx is committed to bridging the gap between app developers’ coding abilities and their security literacy. Thinking like a hacker can ensure developers protect their applications from the most likely exploits. As mobile and web applications grow in popularity, protecting consumer information is extremely important.”
The game can be played at 3 levels:
- Beginner – Intended for newbies who want to learn about secure coding.
- Intermediate – A good starting point for InfoSec professionals and developers.
- Advanced – Best suited for ethical hackers and security training within organizations.
Once inside the game, all the player needs to do is pick the desired level of play and get started. There is also a multiplayer option where the player can invite specific people to compete against online. The game consists of 5 questions, with 1 minute allocated to answer each question. Correct answers and faster response times earn the player more points.
Game of Hacks encourages secure coding by familiarizing players and developers with the leading vulnerabilities that are commonly exploited by malicious attackers. These include SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Path Traversal and other leading techniques that are wreaking havoc today.
“We’ve been seeing a rise in hackers successfully exploiting vulnerabilities in application codes. These often exist from the early development stage of the software and remain undetected until it’s too late,” Asaph Schulman explains. “Game of Hacks was designed to sharpen developers’ security acumen in a fun and interactive way.”
What lies ahead for Checkmarx’s franchise educational/gaming platform?
While the free version is being played extensively all around the globe, Checkmarx is also pushing out an enterprise version dedicated to professional training and boosting secure development. Companies with this version can channel the vulnerabilities found in their code into the game to create a customized training scenario for their developers.
It's important to mention that the enterprise version’s question database is completely confidential, and even the private leaderboard can include only players from within the organization. This variation of Game of Hacks is already rolling out, promoting secure programming practices and enhancing code integrity.
Checkmarx also plans to add functionality that will assist with the vulnerability mitigation process. Players of the enterprise Game of Hacks will soon be able to get instant access to mitigation techniques and ideas for tricky situations that cannot be tackled easily. This will make Game of Hacks a secure development training tool.
Secure applications with high code integrity require safe programming practices and appropriate security solutions. But the first step is educating developers and raising awareness of today’s commonly exploited vulnerabilities. Checkmarx’s Game of Hacks will be helping the InfoSec community achieve this goal in 2015.