|
1 | 1 | [ |
2 | 2 | { |
3 | 3 | "level":0, |
4 | | - "name":"White Belt", |
5 | | - "challenges":[] |
6 | | - }, |
7 | | - { |
8 | | - "level":1, |
9 | | - "name":"Yellow Belt", |
10 | | - "badgrInfo": |
11 | | - { |
12 | | - "issuer":"Insert <issuer id> from https://badgr.io/issuer/issuers/<issuer id>", |
13 | | - "badge_class":"Insert <badge class id> from https://badgr.io/issuer/issuers/<issuer id>/badges/<badge id>", |
14 | | - "recipient_type":"email", |
15 | | - "recipient_identifier":"", |
16 | | - "narrative":"Badge issued for completing the Secure Coding Dojo:Yellow Belt.", |
17 | | - "create_notification":true, |
18 | | - "evidence_items":[] |
19 | | - }, |
20 | | - "challenges":[ |
21 | | - { |
22 | | - "id":"cwe807", |
23 | | - "name":"Reliance on Untrusted Inputs in a Security Decision", |
24 | | - "description": "cwe807.html", |
25 | | - "attackGram":"reliance.png", |
26 | | - "solution":"cwe807.sol.md", |
27 | | - "playLink":"/ch2.jsp", |
28 | | - "mission":"Access the admin page from the account of the 'demo' user.", |
29 | | - "codeBlockIds":["serverSideValidation"] |
30 | | - }, |
31 | | - { |
32 | | - "id":"cwe862", |
33 | | - "name":"Missing Authorization", |
34 | | - "description": "cwe862.html", |
35 | | - "attackGram":"missingauthz.png", |
36 | | - "solution":"cwe862.sol.md", |
37 | | - "playLink":"/cwe862.jsp", |
38 | | - "mission":"Access the admin page from the account of the 'demo' user.", |
39 | | - "codeBlockIds":["resourceSeparation"] |
40 | | - }, |
41 | | - { |
42 | | - "id":"cwe798", |
43 | | - "name":"Use of Hard-coded Credentials", |
44 | | - "description": "cwe798.html", |
45 | | - "attackGram":"hardcodedpassword.png", |
46 | | - "solution":"cwe798.sol.md", |
47 | | - "playLink":"/cwe798.jsp", |
48 | | - "mission":"Authenticate to the website using the Insecure Inc. service account credentials.", |
49 | | - "codeBlockIds":["enforceSafeConfig"] |
50 | | - }, |
51 | | - { |
52 | | - "id":"cwe306", |
53 | | - "name":"Missing Authentication for Critical Function", |
54 | | - "description": "cwe306.md", |
55 | | - "attackGram":"authbypass.png", |
56 | | - "solution":"cwe306.sol.md", |
57 | | - "playLink":"/ch1.jsp", |
58 | | - "codeBlockIds":["authenticationByDefault"], |
59 | | - "mission":"Access the admin page for this challenge without knowing any password.", |
60 | | - "badgrInfo":{ |
61 | | - "issuer":"Insert <issuer id> from https://badgr.io/issuer/issuers/<issuer id>", |
62 | | - "badge_class":"Insert <badge class id> from https://badgr.io/issuer/issuers/<issuer id>/badges/<badge id>", |
63 | | - "recipient_type":"email", |
64 | | - "recipient_identifier":"", |
65 | | - "narrative":"Badge issued for completing the Secure Coding Dojo:Yellow Belt:Missing Authentication for Critical Function.", |
66 | | - "create_notification":true, |
67 | | - "evidence_items":[] |
68 | | - } |
69 | | - } |
70 | | - ] |
71 | | - }, |
72 | | - { |
73 | | - "level":2, |
74 | | - "name":"Orange Belt", |
75 | | - "challenges":[ |
76 | | - { |
77 | | - "id":"cwe311", |
78 | | - "name":"Missing Encryption of Sensitive Data", |
79 | | - "description": "cwe311.html", |
80 | | - "attackGram":"missingenc.png", |
81 | | - "solution":"cwe311.sol.md", |
82 | | - "playLink":"/cwe311.jsp", |
83 | | - "codeBlockIds":["useStrongDataEncryption"] |
84 | | - }, |
85 | | - { |
86 | | - "id":"cwe327", |
87 | | - "name":"Use of a Broken or Risky Cryptographic Algorithm", |
88 | | - "description": "cwe327.html", |
89 | | - "attackGram":"brokencrypto.png", |
90 | | - "solution":"cwe327.sol.md", |
91 | | - "playLink":"/cwe327.jsp", |
92 | | - "codeBlockIds":["useStrongDataEncryption"] |
93 | | - }, |
94 | | - { |
95 | | - "id":"cwe759", |
96 | | - "name":"Use of a One-Way Hash without a Salt", |
97 | | - "description": "cwe759.html", |
98 | | - "attackGram":"unsaltedhash.png", |
99 | | - "solution":"cwe759.sol.md", |
100 | | - "playLink":"/cwe759.jsp", |
101 | | - "codeBlockIds":["useStrongDataEncryption"] |
102 | | - }, |
103 | | - { |
104 | | - "id":"cwe209", |
105 | | - "name":"Generation of Error Message Containing Sensitive Information", |
106 | | - "description": "cwe209.html", |
107 | | - "attackGram":"errormessage.png", |
108 | | - "solution":"cwe209.sol.md", |
109 | | - "playLink":"/cwe209.jsp", |
110 | | - "mission":"Authenticate to the website using credentials discovered in detailed error messages.", |
111 | | - "codeBlockIds":["displayGenericErrorMessages"] |
112 | | - } |
113 | | - ] |
114 | | - }, |
115 | | - { |
116 | | - "level":3, |
117 | | - "name":"Green Belt", |
118 | | - "challenges":[ |
119 | | - { |
120 | | - "id":"cwe307", |
121 | | - "name":"Password Guessing Attack", |
122 | | - "description": "cwe307.html", |
123 | | - "attackGram":"passguessing.png", |
124 | | - "solution":"cwe307.sol.md", |
125 | | - "playLink":"/cwe307.jsp", |
126 | | - "codeBlockIds":["loginBestPractices"] |
127 | | - }, |
128 | | - { |
129 | | - "id":"cwe190", |
130 | | - "name":"Integer Overflow or Wraparound", |
131 | | - "description": "cwe190.html", |
132 | | - "attackGram":"intoverflow.png", |
133 | | - "solution":"cwe190.sol.md", |
134 | | - "playLink":"/cwe190.jsp", |
135 | | - "codeBlockIds":["checkBoundaries"] |
136 | | - }, |
137 | | - { |
138 | | - "id":"cwe494", |
139 | | - "name":"Download of Code Without Integrity Check", |
140 | | - "attackGram":"downloadnocheck.png", |
141 | | - "description": "cwe494.html", |
142 | | - "solution":"cwe494.sol.md", |
143 | | - "playLink":"/cwe494.jsp", |
144 | | - "codeBlockIds":["integrityVerification","useStrongDataEncryption"] |
145 | | - }, |
146 | | - { |
147 | | - "id":"cwe94", |
148 | | - "name":"Improper Control of Generation of Code ('Code Injection')", |
149 | | - "description": "cwe94.html", |
150 | | - "attackGram":"codeinjection.png", |
151 | | - "solution":"cwe94.sol.md", |
152 | | - "playLink":"/cwe94.jsp", |
153 | | - "mission":"Invoke the server side utility `deleteHistory`.", |
154 | | - "codeBlockIds":["inputAllowListing", "serverSideValidation"] |
155 | | - } |
156 | | - ] |
157 | | - }, |
158 | | - { |
159 | | - "level":4, |
160 | 4 | "name":"Purple Belt", |
161 | 5 | "challenges":[ |
162 | 6 | { |
|
189 | 33 | ] |
190 | 34 | }, |
191 | 35 | { |
192 | | - "level":5, |
| 36 | + "level":1, |
193 | 37 | "name":"Blue Belt", |
194 | 38 | "challenges":[ |
195 | 39 | { |
|
222 | 66 | ] |
223 | 67 | }, |
224 | 68 | { |
225 | | - "level":6, |
| 69 | + "level":2, |
226 | 70 | "name":"Brown Belt", |
227 | 71 | "challenges":[ |
228 | 72 | { |
|
255 | 99 | ] |
256 | 100 | }, |
257 | 101 | { |
258 | | - "level":7, |
| 102 | + "level":3, |
259 | 103 | "name":"Black Belt", |
260 | | - "badgrInfo": |
261 | | - { |
262 | | - "issuer":"JEzPNy2zSGG1XVTsJ5JE0g", |
263 | | - "badge_class":"AIMEaNOFQUeaiGZ7gC19FQ", |
264 | | - "recipient_type":"email", |
265 | | - "recipient_identifier":"", |
266 | | - "narrative":"Badge issued for completing the Secure Coding Dojo:First Degree Black Belt.", |
267 | | - "create_notification":true, |
268 | | - "evidence_items":[] |
269 | | - }, |
270 | 104 | "challenges":[ |
271 | 105 | { |
272 | 106 | "id":"cwe120", |
|
0 commit comments