Welcome

Welcome to the SecDim Support Knowledge Base.

Introduction

SecDim is the world’s first in-repository secure code learning wargame. We train and assess engineering teams' readiness in preventing cybersecurity attacks. Our content is inspired by real-world security incidents or reported vulnerabilities.

SecDim’s novel teaching approach delivers learning content through an attack-and-defence game. Learners engage with secure coding challenges, each of which presents a fully functional application with a vulnerability or a cloud environment with a security hardening weakness.

The learner’s objective is to find, exploit, and fix the vulnerability. Learners receive scores and rankings as they solve secure coding challenges. They also earn badges for their achievements.

Why Existing Secure Code Learning Approaches Fail

The current approaches to teaching secure coding generally fall into the following categories:

  1. Recorded video lectures delivered on demand

  2. Hands-on labs with step-by-step tutorials

Research has shown that these approaches do not effectively develop practical secure coding skills that learners can apply in their day-to-day work.

In organisations where security training is pushed via existing learning systems, such as SCORM-based learning or other compliance-driven portals, learners often perceive the content as ineffective or irrelevant. They see secure coding as a mandatory requirement rather than an essential skill and fail to understand their shared accountability.

Step-by-step hands-on labs fail to engage engineers who are preoccupied with pressing tasks and deadlines. After a few basic steps, they lose interest and focus.

Even when an engineer engages with the content, there is an underlying assumption that knowledge acquisition will translate into behavioural change and secure coding skills. This assumption is fundamentally flawed. The most knowledgeable person is not necessarily the most skilled.

In some cases, research has shown that traditional approaches to security training can have an adverse impact on a learner’s ability to respond effectively to security incidents.

Why SecDim’s Learning Approach is Effective

SecDim’s novel approach is based on proven modern learning methodologies, drawn from both academia and our experience in running large-scale Capture The Flag (CTF) competitions.

SecDim’s teaching is problem-solving-driven. It is highly practical and focuses on behavioural change and skill development rather than passive knowledge acquisition.

We present security vulnerabilities as software engineering problems and deliver them as coding challenges that engineers must solve.

SecDim’s challenge-driven approach aligns with the nature of software development and system building, where engineers need to break down complex problems into smaller sub-problems and tackle each one systematically.

Our approach emphasises critical thinking and problem-solving—key skills necessary for addressing security vulnerabilities. The process of trial and error is essential in building secure coding expertise.

Our method provides instant feedback, allowing engineers to learn from their mistakes and refine their strategies for better results.

The scoring system and badges serve not only as incentives but also as tangible measures of skill development, acknowledging one’s progress and achievements.

Overall, SecDim’s approach implicitly engages engineers in a learning process that results in genuine secure coding skill development.