Tuesday, 21 July 2020 00:01

Secure Code Warrior Courses helps devs write secure code


A new feature of the Secure Code Warrior secure coding platform helps organisations enhance secure coding skills, meet regulatory compliance and build a stronger security posture, the company claims.

The new Courses feature of the Secure Code Warrior platform enables organisations to target the most relevant languages and types of security issues, and thus improve the security of their codebases.

Each of Courses' learning modules helps developers locate, identify and fix security vulnerabilities across more than 20 different programming languages including C#, Java EE, Python, JavaScript, Kotlin and Swift. Additional languages such as Docker and Kubernetes will be available in future releases, the company said.

When creating a new course, managers select the specific problem area (eg, SQL injections), the particular languages and frameworks used by the organisation, and the modules and activities (provided by Secure Code Warrior, such as 'locate and fix a medium difficulty SQL injection vulnerability') to be included.

Individuals can be assigned particular courses within the platform, and some courses can be mandated for all employees to ensure a minimum level of expertise. Completion dates and time limits can be set to help ensure progress, and learning is gamified by providing a leaderboard of successful course and challenge completions.

The platform also allows senior developers to quickly prove their competence in particular areas by successfully completing challenges without going through the training materials.

[Image: Secure Code Warrior Courses, playing a challenge]

The platform provides a reporting API for integration with learning management systems and business intelligence tools.

Secure Code Warrior co-founder and CTO Matias Madou told iTWire that the company realised that video-based training was not the way to go, and that learning needed to be language and framework specific in order to cater for the varying needs of developers.

The ability to deliver highly relevant training will benefit the internal culture, he suggested. Secure Code Warrior's approach means developers learn how to spot problems and then how to fix them, and thus how to do a better job.

Secure Code Warrior senior product marketing manager Peter Brittliff pointed out that the platform (including Courses) helps developers focus on what matters most to their organisations, provides guided training so individuals don't have to work out where to start, and doesn't unlock a new course until they have completed the preceding one.

It is up to management to acknowledge that security is important, and to allocate time for developers to improve their skills, said Madou. By mapping requirements onto courses, they "give something very actionable to the developers."

He added "we like to work with companies who want to do this for real," not just for 'compliance' reasons.

That's not to suggest compliance isn't important, and Courses can help organisations achieve and maintain compliance with standards such as PCI-DSS and NIST.

The Secure Code Warrior platform was designed to scale to meet the requirements of enterprise customers, Madou said. At the other extreme, the content is suitable for small organisations, especially as one course can accommodate multiple languages. However, it has less of an impact when there are fewer people to be trained.

Secure Code Warrior co-founder and CEO Pieter Danhieux said "I firmly believe that quality code must be secure code. Recurring software vulnerabilities continue to be the bane of the software industry as organisations struggle to manage the sheer volume of them. Courses enables organisations to focus their developers' learning on what matters most, reducing rework and code remediation."

"We've all experienced some form of boring learning in the past and while it's important, compliance training rarely gets people jumping for joy. By engaging teams in role-specific, gamified activities and challenges, Courses helps alleviate the feeling of death-by-powerpoint, and helps businesses to foster positive security posture while reducing recurring vulnerabilities," said Danhieux.

"Customers who have experienced Courses so far shared really positive feedback around the flexibility it offers and its ability to shape content that provides a more organised, structured and targeted approach to learning how to code securely. One particular customer shared that all developers successfully passed company assessment requirements after completing assigned modules in Courses."

Courses is available immediately as a standard feature of Secure Code Warrior.



Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
