/feb 20, 2020

Stay Sharp and Squash Security Debt with Veracode Security Labs

By Meaghan Mcbee

“Tell me and I forget. Teach me and I remember. Involve me and I learn.” This renowned quote from Benjamin Franklin is a powerful mantra for refining skills in any craft, coding included.

When it comes to developer training, nothing beats hands-on experience with real code customizable to the way a business runs. That’s why we’re excited to announce our new online training platform, Veracode Security Labs, crafted for developers and organizations eager to learn best practices in modern application security, deliver code on time, and reduce security debt. Whether developers lack the time for training or simply want to stay sharp, Security Labs empowers them to learn and grow backed by application security.

It isn’t a simulated experience; developers can log into the program to access a real application in a contained environment. From there, they learn how to exploit that application and practice fixing vulnerabilities with exercises on modern web applications, in their preferred languages, for a tailored and comprehensive hands-on training that helps them establish best practices. Ben Franklin would be proud.

Fast and effective learning

When a breach hits, employees can find themselves in a mad dash to patch security holes and remediate damage. Being prepared is all about incorporating security-minded processes earlier in the development cycle to avoid such headaches down the road. The interactive Security Labs experience ensures developers leave the training module ready to hit the ground running with fresh new skills that help them not only fix flaws quickly, but also write better code.  

“The future of AppSec depends on enabling developers to create more secure code from the start,” says Fletcher Heisler, Veracode’s Director of Developer Enablement and one of the minds behind Security Labs. Using Security Labs to directly exploit and patch real code means developers can begin improving in just 10 minutes.

“Through this hands-on practice, developers gain practical AppSec skills that can be applied immediately,” Fletcher explains. “For Veracode customers, this means more secure code, less time spent on security debt, and developers who are overall more engaged in supporting security.”

Through progress reporting, email assignments, and a leaderboard, teams of developers feel inspired by each other to advance their secure coding skillsets. Managers can set required modules and deadlines too, with tools for tracking team completion and exporting progress reports so that they have results in hand to prove capability and compliance.

Best practices and beyond

Veracode Security Labs isn’t solely about preparing developers to tackle vulnerabilities and stay on top of compliance. At its core, this training platform bridges the gap between development and security to empower organizations with the tools they need to keep AppSec at the forefront of their operations. And with the average cost per data breach incident hitting 3.29 million in 2019, staying sharp can save money and bandwidth in the long run.

“It’s so much more costly, in terms of both dollars and time, to fix a security flaw once it has already made its way into production code,” says Fletcher. “Meanwhile, security teams can’t scale to the time and expertise required to review every line of code from every developer. If developers have the foundational training to write secure code from the very start, an organization will be able to deliver – and continue to deliver – applications and features on time without getting bogged down in security debt.”

Practical lessons from this hands-on program can help an organization from the ground up. And when paired with Veracode’s Static Analysis IDE Scan solution to quickly identify and remediate flaws at scale, development teams have every opportunity for risk reduction at their fingertips.

Interested in trying it out? You can find more information about Security Labs here, and request a demo to see how this solution can benefit your organization.

Related Posts

By Meaghan Mcbee

Meaghan McBee is a Senior Content Marketing Manager at Veracode, responsible for creating content around best practices in application security and the current state of DevSecOps.