Despite what blazing Hollywood action films like the recent Jason Bourne would have us believe, remotely hacking into a government server doesn’t happen from merely punching random keys on a laptop while holding an intense expression.
What these films do often highlight, however, are the vulnerabilities which businesses and organisations face in the realm of cybersecurity.
Today, digital security is a very real issue, and one that was felt worldwide last year with the release of the Panama Papers, a move which seemingly contributed to the resignation of former New Zealand Prime Minister John Key in December.
To help businesses combat their digital vulnerabilities, Sydney startup Secure Code Warrior has developed an online platform to help train programmers in cybersecurity through a gamified testing process.
The platform also provides a strict assessment area, where businesses are able to test their employees’ cybersecurity skills using a traditional exam-like format. Individual users aren’t exempt from the platform either, as Secure Code Warrior can be utilised by almost any tier of programmer to either prove their skills or train them.
Working across a plethora of programming languages including C#, Java, Ruby and Python, a user is presented with two modes to choose from upon creating an account. They then progress through the website’s portal, going through training and assessment.
Training mode sticks true to its name, providing a space where users are able to hone their cybersecurity skills by completing different “missions” based around a gamified scoring system.
Explaining how the testing mode operates, the startup’s founder, Pieter Danheiux, said that each mission involves presenting a user with a block of code containing a cybersecurity flaw, before challenging them to uncover and patch the flaw by writing in the correct measures.
“If they don’t know what to do, the user can use a hint system to give a small hint and push them to find the right answer, but of course that means losing points,” said Danheiux.
The scoring system informs the core of the platform’s gamified processes, whereby a user is rewarded with points for each challenge they complete, a value which changes based on how difficult the mission is.
If a user completes enough missions and breaches the highscores section, they’re able to mark their territory by entering their name, similar to how a player would punch their initials into a retro arcade machine after achieving a large score.
In terms of difficulty, Danheiux said the missions themselves are accessible to programmers from graduate to high level, presuming they know the language they’re testing for.
“There’s over forty challenges per programming language in the basic section alone, while the mature and popular languages stretch to 350 total. You can play that in teams with your colleagues, to find where you sit with your peers,” said Danheiux.
Beyond the hint system, the platform also offers its struggling users a video learning option, which will help guide them towards solving the problem.
The assessment platform, however, diverges from these helpful processes while stripping away the gamified elements.
“The assessment mode works basically like an exam, where there’s no points and no hints. It’s really valuable for a business, as they can use it to filter people that they hire to test if they know security,” said Danheiux.
Discussing how the testing area has been used in the recruitment space, the founder named Seek as an example of a company that had used the platform to find developers. A manager or user who is creating the test can lengthen it to their choosing, designating how many cybersecurity questions they want to include.
Developing the Secure Code Warrior platform emerged from Danheiux and his coworkers identifying a consistent issue with businesses dealing with cybersecurity. Danheiux’s team, who tested the cybersecurity of different banks and businesses, noticed the same “loopholes” in their clients’ code popping up over and over again.
“It was really exciting for the first five years, but then it became frustrating. We kept finding the same loopholes and getting the same results,” said Danheiux.
This inconsistency reflected an issue with cybersecurity on a larger scale too, as the founder explained that some of the world’s largest hacks, such as the Panama Papers, can be linked back to three or four security weaknesses.
“It’s practically always possible to always break in. The main reason is that many software developers are never trained in these loopholes, unless somebody shows them what it looks like and how to stop writing it,” he said.
“We thought that finding the same problem wasn’t helping, so we thought that educating developers could help, in a fun and engaging way.”
Using a combination of external developers and the founding team’s own programming knowledge, the platform was developed in 2014 and has since grown towards its current lineup of different coding languages.
The startup now offers tournaments or hackathons which set programming teams in a room to compete against each other for highscores and physical prizes, with the purpose of training their cybersecurity skills while encouraging them to come back to the platform to learn more.
For a team of ten or below, a licence for the platform costs roughly US$550 per month, while a single user licence comes at US$55. There is also an enterprise option available for large businesses and corporates.
The startup’s focus on getting businesses to build up the skills of their own employees is an interesting one. Also focused on finding flaws is Bugcrowd, which allows customers to have their apps and systems tested by thousands of hackers within the Bugcrowd community.
Secure Code Warrior has been bootstrapped since its founding; Danheiux said he is thinking about seeking capital in the future to help accelerate the startup’s growth internationally.
Internationally, the US market is front of mind for the startup, as Danheiux said he wants to get a solid foothold in the financial industry.
Image: Pieter Danheiux + Secure Code Warrior Team. Source: Supplied.