Wizer CTF: Secure Coding for Developers

We're flipping the script on security awareness training for your dev team! How?

By showing developers the art of breaking things – yeah, that's right! By diving into the mindset of attackers, we're fueling developers with the ability to better understand vulnerabilities in order to craft ironclad code. But we're not just teaching it through video - though we do have 15 new, in-depth developer trainings, too! In addition to our new video trainings made especially for coders, we're adding our Wizer CTF Challenges to the mix.

What is a Wizer CTF Challenge?

These types of CTFs - or Capture the Flag - are sorta like a digital treasure hunt where participants hunt for hidden text (a.k.a. “flags”) as evidence that they successfully manipulated the source code to their advantage - either as a competition or for learning. Our Wizer CTFs are designed to be both a little friendly competition AND educational! And to top it off, they're tailor-made just for developers.

The goal of our CTF challenge is to provide hands-on exploration to help dev teams learn to develop code more securely - reducing vulnerabilities (and even bugs!) before launch! Who doesn't want that? As our founder Gaby likes to say, "Secure code is quality code." 

How Does It Work?

We'll have six active challenges live at any given time and will release a new challenge every 2 weeks. On the date of a new release, the oldest live challenge will be retired and a short takeaway will be provided by the mastermind behind it all, Wizer's own CTO, Itzik Spitzen. (More details on the writeups in a minute.)

As our CTFs are educational fun - and we want to make them relevant to as many as possible - challenges will currently be focused on JavaScript, with the complexity varying for each new one released.

When you land on a new challenge what you'll see includes:

  • How spicy the challenge is (aka difficulty level)
  • How many attempts have been made to that point
  • The coding challenge
  • The area to drop the payload
  • Public leaderboard

CTF screenshot

There's also an opportunity to share with your colleagues and an invite to join the community on our Discord server to hash out troublesome issues and find support.

Do the Writeups Give Away the Answers?

As mentioned earlier, when a challenge is 'retired' that simply means the leaderboard will no longer be updating, but the puzzle will still be accessible to solve. The retired challenge will also have a writeup, but it doesn't give the answer straight out - where's the challenge in that? We don't want to spoil the fun for any who come along later.

Rather, the recap provides takeaways to help drive home the lessons the challenge aims to highlight. Plus, Gaby and Itzik provide a live recap as well for those who prefer a little interaction. Check out our first CTF writeup here or catch a snippet of the recorded live recap below.

Who Can Join?

But wait, There's More (Or Will Be Soon)!

Our public CTFs will always be available to the public to keep security awareness knowledge easily accessible for all. But we know for dev teams and companies with strong security cultures, it's helpful to have the ability to track training progress and even better if there's some gamification to liven things up.
That's why we're excited about an upcoming offering in the works: Wizer For Developers.
With this new offering you'll be able to assign your developers a unique set of training videos that goes beyond the OWASP Top 10 and takes your team more in-depth with 15 videos on how to apply a secure coding mindset in a variety of relevant scenarios. Some topics covered include:
  • XSS Mitigation
  • SQL Injection Mitigation
  • Server-Side Template Injection
  • And More!

These videos aren't part of the standard Boost library because along with these unique, developer-focused trainings you'll also get a private leaderboard unique to just your team to encourage developers to expand their skillset and enjoy some friendly competition.

It's not live yet, but if you'd like to learn more about getting early access, contact us or sign up for our newsletter to be the first to know when it launches!

Ready To Learn to #CodeWizer?