When creating a new course, managers select the specific problem area (eg, SQL injections), the particular languages and frameworks used by the organisation, and the modules and activities (provided by Secure Code Warrior, such as 'locate and fix a medium difficulty SQL injection vulnerability') to be included.
Individuals can be assigned particular courses within the platform, and some courses can be mandated for all employees to ensure a minimum level of expertise. Completion dates and time limits can be set to help ensure progress, and learning is gamified by providing a leaderboard of successful course and challenge completions.
The platform also allows senior developers to quickly prove their competence in particular areas by successfully completing challenges without going through the training materials.
The platform provides a reporting API for integration with learning management systems and business intelligence tools.
Secure Code Warrior co-founder and CTO Matias Madou told iTWire that the company realised that video-based training was not the way to go, and that learning needed to be language and framework specific in order to cater for the varying needs of developers.
The ability to deliver highly relevant training will benefit the internal culture, he suggested. Secure Code Warrior's approach means developers learn how to spot problems and then how to fix them, and thus how to do a better job.
Secure Code Warrior senior product marketing manager Peter Brittliff pointed out that the platform (including Courses) helps developers focus on what matters most to their organisations, provides guided training so individuals don't have to work out where to start, and doesn't unlock a new course until they have completed the preceding one.
It is up to management to acknowledge that security is important, and to allocate time for developers to improve their skills, said Madou. By mapping requirements onto courses, they "give something very actionable to the developers."
He added, "we like to work with companies who want to do this for real," not just for 'compliance' reasons.
That's not to suggest compliance isn't important, and Courses can help organisations achieve and maintain compliance with standards such as PCI-DSS and NIST.
The Secure Code Warrior platform was designed to scale to meet the requirements of enterprise customers, Madou said. At the other extreme, the content is suitable for small organisations, especially as one course can accommodate multiple languages. However, it has less of an impact when there are fewer people to be trained.
Secure Code Warrior co-founder and CEO Pieter Danhieux said "I firmly believe that quality code must be secure code. Recurring software vulnerabilities continue to be the bane of the software industry as organisations struggle to manage the sheer volume of them. Courses enables organisations to focus their developers' learning on what matters most, reducing rework and code remediation."
"We've all experienced some form of boring learning in the past and while it's important, compliance training rarely gets people jumping for joy. By engaging teams in role-specific, gamified activities and challenges, Courses helps alleviate the feeling of death-by-PowerPoint, and helps businesses to foster positive security posture while reducing recurring vulnerabilities," said Danhieux.
"Customers who have experienced Courses so far shared really positive feedback around the flexibility it offers and its ability to shape content that provides a more organised, structured and targeted approach to learning how to code securely. One particular customer shared that all developers successfully passed company assessment requirements after completing assigned modules in Courses."
Courses is available immediately as a standard feature of Secure Code Warrior.