YesWeHack releases DOJO, a training platform geared toward learning bug exploitation the fun and visual way


YesWeHack, European Leading Bug Bounty platform, has released "Dojo", a learning platform that helps ethical hackers develop their skills in finding security vulnerabilities. Currently, Dojo offers four different training areas with courses and challenges with different levels of difficulty. Furthermore, users can play with their own configurations and scenarios in a "Playground". YesWeHack plans to adapt the learning platform to current cybersecurity requirements and to continuously expand the training areas.

Cybersecurity training in real-time

When it comes to information security, and especially Bug Bounty, the learning process can be tough. Theoretical information material is abundant. However, there are only a few opportunities to practice under realistic conditions and test real-time threat scenarios. The experience gained from the YesWeHack Bug Bounty platform gave BitK, hacker, and Technical Ambassador at YesWeHack, the idea to develop a training platform that gives users immediate feedback on their coding tests. 

"The focus of Dojo is on code. Users can see in real-time what effects a certain input has and how security filters, installed by the developers, could be bypassed. Because we don't store the data on our servers, users can share and practice real-world exploits in Dojo without hesitation" BitK says.

For users who need more guidance, there are four training areas, SQL Injections, MongoDB Injections, XPATH Injections, and Cross-Site Scripting (XSS) Errors, which YesWeHack will continue to complete.

Dojo offers, among others, the following training possibilities:

  • Custom Capture-the-Flag (CTF) challenges can be created without the need to set up a server.
  • Mock-up of real system setups can be shared with other users via a private link without compromising the security and confidentiality of the actual target.
  • The "Playground" can be used as a real-time exploit editor. This way, tricky bugs can be examined peacefully and quietly, in a safe environment.

On top of that, challenges will be published every fortnight to entertain and train the community. The first 5 researchers who find the solution and the 5 best write-ups will be rewarded with packs of YesWeHack goodies. You can find here the best write up of the first challenge which took place last week:

The Dojo learning platform is now available as a free online offer at The only prerequisite is to register on YesWeHack platform. 


YesWeHack is a Global Bug Bounty & VDP platform. The platform brings together companies that want to close security gaps in their digital infrastructure with over 20,000 ethical hackers, known as "hunters". The hunters act according to the rules and specifications of the customer and are paid on a success-based basis. In addition to the Bug Bounty platform, YesWeHack offers support in creating a Vulnerability Disclosure Policy (VDP) as well as a job exchange for IT security experts. Dojo, a learning platform for ethical hackers, and a training platform for educational institutions (YesWeHackEDU) are also part of the offering. Companies and organizations such as Deezer, BlaBlaCar, Paris Airport and the French Ministry of Defence rely on YesWeHack. YesWeHack was founded in France in 2013. The company is headquartered in Paris. More information at

November 19, 2020


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023