Kurukshetra v2.0 releases: A framework for teaching secure coding
Kurukshetra is a web framework developed with the aim of being the first open source framework that provides a solid foundation for hosting reasonably complex secure coding challenges, while still being able to execute each challenge efficiently and dynamically, based on user input, in a secure sandboxed environment.
Kurukshetra is composed of two components. The backend framework, written in PHP, manages and leverages the underlying Docker system to provide the secure sandbox for challenge execution. The frontend is a user-facing web app that provides all the necessary controls: the admin can host and modify challenges, and the user can execute challenges and view the result of each of their inputs.
The main problem that today’s developers face is the increasing complexity of the software stack they have to develop. This, combined with insufficient knowledge about secure learning practices, leads to companies having to allocate more and more resources to post-launch security and maintenance.
The root cause of this problem is that most companies are not investing in teaching secure coding practices to their core developers and new hires. Developers are expected to churn out the most functionally complete product in the least amount of time, and security is almost always left as an afterthought.
Why would any company do something that incurs more loss down the line? Mainly because there is no easy-to-use framework for teaching developers secure coding practices in a practical way, compared to the abundance of frameworks and sites available for teaching developers programming techniques and methods.
It is this lack of a framework that integrates neatly into the learn, practice, adapt workflow of modern developers that inspired us to create Kurukshetra.
The best way to improve the security of an application is to teach developers how to write secure code. When developers are aware of secure coding methodologies, the number of trivial vulnerabilities present in the code they write goes down as a consequence. This results in less work for security engineers and developers and allows them to double down and focus on important things.
Kurukshetra aims to deploy a framework where developers can learn secure coding practices in a hands-on manner.
- Challenge listing page:
- Challenge solving page:
- Admin portal (statistics):
- Admin challenge edit/add challenges:
Changelog v2.0
Kurukshetra v2.0 was released during HITB Dubai 2018 with some major changes and tons of new features. The most notable features include:
- Support for the Node.js, Python and Ruby programming languages (previously only PHP was supported)
- One-click challenge hosting (host vulnerable challenges inside a sandbox with just one click)!
- Admin dashboard with improved functionalities:
Installation & Usage
Demo
Copyright (C) 2018 a0xnirudh
Source: https://github.com/a0xnirudh/