YesWeHack, European Leading Bug Bounty platform, has released "Dojo", a learning platform that helps ethical hackers develop their skills in finding security vulnerabilities. Currently, Dojo offers four different training areas with courses and challenges with different levels of difficulty. Furthermore, users can play with their own configurations and scenarios in a "Playground". YesWeHack plans to adapt the learning platform to current cybersecurity requirements and to continuously expand the training areas.
Cybersecurity training in real-time
When it comes to information security, and especially Bug Bounty, the learning process can be tough. Theoretical information material is abundant. However, there are only a few opportunities to practice under realistic conditions and test real-time threat scenarios. The experience gained from the YesWeHack Bug Bounty platform gave BitK, hacker, and Technical Ambassador at YesWeHack, the idea to develop a training platform that gives users immediate feedback on their coding tests.
"The focus of Dojo is on code. Users can see in real-time what effects a certain input has and how security filters, installed by the developers, could be bypassed. Because we don't store the data on our servers, users can share and practice real-world exploits in Dojo without hesitation" BitK says.
For users who need more guidance, there are four training areas, SQL Injections, MongoDB Injections, XPATH Injections, and Cross-Site Scripting (XSS) Errors, which YesWeHack will continue to complete.
Dojo offers, among others, the following training possibilities:
- Custom Capture-the-Flag (CTF) challenges can be created without the need to set up a server.
- Mock-up of real system setups can be shared with other users via a private link without compromising the security and confidentiality of the actual target.
- The "Playground" can be used as a real-time exploit editor. This way, tricky bugs can be examined peacefully and quietly, in a safe environment.
On top of that, challenges will be published every fortnight to entertain and train the community. The first 5 researchers who find the solution and the 5 best write-ups will be rewarded with packs of YesWeHack goodies. You can find here the best write up of the first challenge which took place last week: https://blog.yeswehack.com/yeswerhackers/dojo-challenge-2-winners/
The Dojo learning platform is now available as a free online offer at https://dojo-yeswehack.com. The only prerequisite is to register on YesWeHack platform.
YesWeHack is a Global Bug Bounty & VDP platform. The platform brings together companies that want to close security gaps in their digital infrastructure with over 20,000 ethical hackers, known as "hunters". The hunters act according to the rules and specifications of the customer and are paid on a success-based basis. In addition to the Bug Bounty platform, YesWeHack offers support in creating a Vulnerability Disclosure Policy (VDP) as well as a job exchange for IT security experts. Dojo, a learning platform for ethical hackers, and a training platform for educational institutions (YesWeHackEDU) are also part of the offering. Companies and organizations such as Deezer, BlaBlaCar, Paris Airport and the French Ministry of Defence rely on YesWeHack. YesWeHack was founded in France in 2013. The company is headquartered in Paris. More information at http://www.yeswehack.com