
Introducing Secure Code Game Season 2 with JavaScript, Python, Go, and GitHub Actions

In March 2023, we introduced the Secure Code Game, a groundbreaking in-repo learning experience that revolutionized developers' use of secure practices. This innovative platform allows players to delve into intentionally vulnerable code and apply their skills to rectify security flaws, ultimately promoting a culture of cybersecurity awareness and best practices. Since its launch, the Secure Code Game has garnered immense popularity among developers worldwide, with over 3,500 participants actively participating in this immersive learning journey. By engaging with real-world scenarios and practical challenges, developers enhance their skills and contribute to making software and applications more resilient to cyber threats.

Building on the first season's success, we are excited to announce the upcoming second season of the Secure Code Game. This new season will feature five compelling challenges contributed by the community, spanning popular programming languages such as JavaScript, Python, Go, and GitHub Actions. With diverse challenges, developers of all levels can test their skills and expand their knowledge in secure practices.

As we continue to empower developers to prioritize security in their workflows, the Secure Code Game remains a valuable resource for enterprises, open-source, and educational communities. Through gamification and hands-on learning, developers can gain practical experience in identifying and mitigating security vulnerabilities, ultimately positively impacting the overall security landscape. Join us in this exciting journey towards a more secure and resilient digital future!

How the game works

GitHub Codespaces offers a straightforward yet effective way for developers and students to improve their abilities. By providing a platform to review, debug, and test code, it lets users advance through different proficiency levels. This innovative tool allows individuals to set up a fully configured environment in the cloud, making the process seamless and efficient. With up to 60 free monthly hours, users have ample time to hone their skills and work on various projects.

Moreover, GitHub Codespaces is particularly beneficial for those looking to enhance their code security skills. By integrating security measures into their workflows, developers can ensure their code is robust and protected from threats. Additionally, users can leverage GitHub Advanced Security (GHAS) to enhance the security of their projects further. This comprehensive security solution provides advanced features that help identify and remediate vulnerabilities in the code, ensuring a secure development environment.

Overall, GitHub Codespaces is a valuable tool for developers and students alike. Offering a user-friendly review, debugging, and testing platform, it enables users to improve their skills and work on projects more efficiently. With the added benefits of enhanced code security and access to GHAS, users can take their coding abilities to the next level while ensuring the safety and integrity of their projects.

Why a game?

We initially aimed to address the issues developers encountered in secure coding training. We collected community feedback, revealing that the courses were tedious, theoretical, and often relied on video-based training. Developers were also learning outside of a development environment, and assessments were based on multiple-choice questions that did not accurately reflect real-world security issues. Moreover, personalization based on programming languages and frameworks needed to be improved, leading to security issues resulting from the coding style.

To solve these issues, we adopted a gamified approach that engaged learners, accessible via a developer-first in-repo experience within Codespaces or locally. We challenged players to identify security issues, fix them, and maintain the code's functionality to advance to the next level. This approach helped players understand how to fix security issues effectively without introducing regressions to the existing functionality. Furthermore, we open-sourced the game, allowing the community to contribute to four out of five challenges in the new season.

Contributing to the Secure Code Game through open source means significantly impacting the broader security world. We added challenges to the second season based on real-life scenarios, which helped others learn in an entertaining, hands-on manner.

Over the past year, the community has received feedback about how they have used the game. For example, a PropTech startup organized a hackathon based on the Secure Code Game, which resulted in a 96% reduction in security issues by combining GHAS and the Secure Code Game and a nearly 97% reduction in the weekly time required from the security team to help developers with security remediation. The Secure Code Game was also used in the classroom at the University of Novi Sad to deliver interactive lectures with the active participation of students. This approach proved more efficient in sharing knowledge than the traditional delivery with passive audiences.

In conclusion, the Secure Code Game addresses critical security issues in a fun, engaging, and practical way, making it easier for developers to learn and practice secure coding methods.

Your chance to level up!

We are excited to see how you will tackle the challenges in this upcoming season. Creative individuals are invited to share ideas to help shape the game's future. Check out our contribution guidelines for more information.

So, what are you waiting for? Start playing now!

Did you know?

CodeQL is available for free through the Secure Code Game. CodeQL serves as the Static Application Security Testing (SAST) tool in GHAS. When facing challenges in the Secure Code Game, refer to the alerts generated by CodeQL for assistance.
