Kurukshetra is a modern web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user input in a secure sandboxed environment.
Kurukshetra is composed of two components, the backend framework written in PHP, which manages and leverages the underlying docker system to provide the secure sandbox for the challenge execution, and the frontend, which is a user facing web app providing all the necessary controls, for the admin to host and modify the challenges , and the user to execute and view the result of each of his input.
Why kurukshetra ?
The main problem that today’s developers face is the increasing complexity of the software stack that they have to develop and this combined with insufficient knowledge about secure learning practices leads to companies having to resort to allocating more and more resources to post-launch security and maintenance.
The main root cause of this whole problem is the fact that most of the companies are not investing in teaching secure coding practices to their core developers and new hires. They are expected to churn out the most functionally complete product in the least amount of time and almost always security is left as an afterthought.
Why would any company do something that incurs more loss down the line ? This is mainly due to the fact that there is no easy to use framework to teach developers secure coding practices using practical method when compared to the abundance of frameworks and sites available for teaching developers programming techniques and methods.
It is this lack of framework which neatly integrates into the learn, practice, adapt workflow of modern developers that inspired us to create Kurukshetra.
How kurukshetra helps ?
The best way to improve the security of an application is to teach developers how to write secure code. When the developers are aware of secure coding methodologies, the number of trivial vulnerabilities that will be present in the code written by them goes down subsequently. This will result in lower work for security engineers and developers and allow them to double down and focus on important things.
Kurukshetra aims to deploy a framework where developers can learn secure coding practices in a hands on manner.
Contributors
Awesome people who built this project:
Lead Developers:
Anirudh Anand (@a0xnirudh)
Mohan KK (@MohanKallepalli)
Project Contributors:
Arjun T U (@arjunkikz)
Durga Subramanian (@0xdug)
Ankur Bhargava (@_AnkurB)
Prajal Kulkarni (@prajalkulkarni)