"I've always been a big advocate of learning by doing," Secure Code Warrior co-founder and CEO Pieter Danhieux told iTWire.
Missions is the result of Secure Code Warrior's acquisition of Iceland-based start-up Adversary earlier this year.
Danhieux said he wants developers to understand not just the difference between good and bad coding, but also the impact that mistakes can have.
So Missions simulates past flaws, such as the GitHub Unicode issue. This way, participants gain first-hand experience of such situations.
Secure Code Warrior already provided explanations of how attacks such as SQL injections work. Missions adds a running application that contains a particular type of vulnerability, along with its source code, so the participant can see what goes wrong.
40 missions covering common security vulnerabilities are initially included, and all of them are based on real-world scenarios that have affected high-profile organisations. Other examples include cross-site forgery and exposed credentials.
A security expert at Australia's largest general insurance company who has trialled Missions over the past fortnight said, "Missions' problem-solving approach helps developers think and understand security vulnerabilities in-depth, and has increased our team's ability to spot security vulnerabilities in code review."
Seven language frameworks are supported at launch: Java:Spring, C#(.NET):MVC, C#(.NET):Web Forms, Python:Django, Java:Enterprise Edition (JSP), JavaScript:Node.JS and C#:Core. Additional languages are forthcoming.
Missions initially appears within Secure Code Warrior's Tournaments feature, but will be extended across the entire platform.
It adds to the 49,000 challenges already presented by Secure Code Warrior, and there are more to come, including some relating to mobile apps.
"Missions is like a flight simulator for coders," said Danhieux.
"Just like a pilot who needs to continually train to keep flying, Missions offers practical applications of live code in a hyper-relevant environment designed to encourage coders to understand attacks, practice and perfect their secure coding skills and knowledge.
"We're levelling up our existing offerings in a logical fashion and creating a progressive, scaffolded approach to building skills. It helps developers move from merely recalling knowledge to systematically building upon their experiences and skillset in real-time, fostering valuable secure coding skills that are job-relevant and allowing coders to experience the impact of insecure code first hand, in a safe environment."
To allow potential users to try Missions for themselves, Secure Code Warrior has made the mission based on the GitHub Unicode issue available to the public.