We recently partnered with Enterprise Strategy Group (ESG) to survey software development and security professionals about modern application development and how applications are tested for security. The soon-to-be-announced survey found that 53% of organizations provide security training for developers less than once a year, which is woefully inadequate for the rapid pace of change in software development. At the same time, 41% say that it’s up to security analysts to educate developers to try to prevent them from introducing significant security issues. So, where’s the disconnect?
Communication breakdowns and misaligned training priorities between security and development teams are part of the problem. As developers are being asked to “Shift Left” and take on more responsibility for secure code earlier in the software development lifecycle, it’s increasingly important for developers to get the training they need to create not just world-class applications, but ones that have security designed in from the beginning.
Enterprise-grade tools for all developers
Veracode Security Labs Enterprise Edition is perfect for engineering teams, but we wanted every individual developer to have access to the same quality of training, from casual hobbyists to professionals interested in improving their secure coding skills. I’m excited to announce Veracode Security Labs Community Edition, where developers worldwide can hack and patch real applications to learn the latest tactics and security best practices with guidance while exploring actual code on their own time; and it’s free!
With Veracode Security Labs Community Edition, you now have the tools you need to close any gaps in security knowledge that are holding you back. It’s a module that fits within the Veracode Developer Training product family, featuring tools and robust programs built with interactivity in mind so that developers can get their hands on a practical training tool at a moment’s notice.
Here are the differences between the Community Edition and Enterprise Edition:
While the Enterprise Edition has features that support the efforts of development teams with full compliance-based curricula, rollout strategies, and progress reporting, the Community Edition offers selected topics and one-off labs for individuals who are looking to strengthen their security knowledge. Though there are differences that enable scalability for organizations and teams, the benefits for individual developers remain the same:
- The ability to exploit and remediate real-world vulnerabilities to learn what to look for in insecure code.
- Fast and relevant remediation guidance in the context of the most popular programming languages.
- Easy and fun hands-on training that provides professional growth.
- Improved security knowledge while building confidence through interactive trial and error.
When you practice breaking and fixing real applications using real vulnerabilities, you become a sharper, more efficient developer – especially with a variety of challenges to choose from as you go. We plan to expand the number of labs and challenges over time, but initially the Community Edition will cover topics ranging from beginner to advanced, including:
- Common ReactJS pitfalls
- Bash terminal usage
- HTTP header injection
- Replay attacks
- Mass assignment flaws
How it works
- Choose a lab to get started.
- Access the live terminal session to connect to a containerized environment where the vulnerable application is running.
- Use the code editor to find the vulnerability and patch it.
When it comes to closing gaps and realigning priorities, education is key – but it isn’t one-size-fits-all. Whether you want to enroll your entire team of developers into a customizable training program or you’re looking into developer education as a pathway for individual growth, Veracode Security Labs helps level the playing field by ensuring everyone is on the same page about critical security issues in software development.