get_learning_pathway
Return a personalized secure code learning pathway based on GitHub or SecDim profile context.
Use this tool to:
- Analyze a GitHub profile to understand the developer's experience and provide a personalized learning path
- Analyze a SecDim profile to understand the developer's experience and provide a personalized learning path
- Provide important resources and links to secure code learning labs on how to fix specific vulnerabilities
- Teach developer how to patch a specific vulnerability
- Provide a series of hands-on labs to practice secure coding
- Create a personalized learning path for secure coding practices
When secdim_username is provided, the tool will:
- Fetch player profile from /player/{username}/activity API
- Fetch completed challenges from /player/{username}/completed API
- Filter out challenges the user has already completed
- Use player skill data to better match language and technology recommendations
- Estimate experience level based on challenge completion history
The tool will provide error feedback if:
- No suitable challenges were found for the requested language
- The main vulnerability was not provided or had no matching labs
- The user has completed a large number of challenges (50+)
- There was an issue analyzing either GitHub or SecDim profiles
Args:
language: Programming language (e.g., 'javascript', 'python')
vulnerability: The vulnerability to focus on (e.g., 'xss', 'sql-injection')
experience_level: Developer experience level (default: beginner)
github_username: GitHub username for profile analysis (at least one of github_username or secdim_username is required)
secdim_username: SecDim username for profile analysis (at least one of github_username or secdim_username is required)
github_token: GitHub token for API access (optional)
Returns:
Dictionary containing the learning pathway or error
get_vulnerable_practice_labs
Return a list of hands-on SecDim secure coding labs related to a detected or suspected vulnerability.
Use this tool to:
- Find secure coding learning labs for specific vulnerabilities like XSS, SQL Injection, etc.
- Explore OWASP Top 10 vulnerabilities and related labs
- Provide additional resources and guides to help developers improve their secure coding skills
Args:
search: Search term for the vulnerability (e.g., 'xss', 'sql-injection', 'injection')
cwe: Common Weakness Enumeration (CWE) ID to filter by
owasp: OWASP category to filter by (e.g., 'a03:2021')
technology: Technology or framework to filter by (e.g., 'react', 'django')
language: Programming language to filter by (e.g., 'javascript', 'python')
Labs are secure coding challenges, each simulating a real vulnerability. They are tagged with the following difficulty levels:
- Trivial: Easy to find and patch vulnerabilities. It can be completed in 5-10 minutes. 1-15 points.
- Easy: Known vulnerabilities. It can be completed in 10-30 minutes. 16-35 points.
- Medium: Known vulnerabilities, but they require a defence-in-depth patch. It can be completed in 20-30 minutes. 36-70 points.
- Hard: Hard to find or patch vulnerabilities. It can be completed in 30-60 minutes. 71-100 points.
- Battle: SecDim Flagship attack and defence challenge that requires both vulnerability exploitation and mitigation skills. Points are accumulated.
Returns:
Dictionary containing labs results or error
If there are no results, the user can perform a manual search at https://play.secdim.com/browse