/nov 22, 2016

Your Secure Coding Partner: Introducing Veracode AppSec Tutorials

By Tyler White

The driver races ahead, attempting to stay on track as his speed is slowly increasing. Right beside him the navigator sits, guiding the driver’s efforts through his treacherous endeavor. They are both striving to keep pace with the other, as the intensity is ramping up. Everything is about to spin out of control. Then the alarm goes off, and the driver backs away from the keyboard to now become the navigator, while the previous navigator assumes control as the driver. How many of you knew they were programming?

I recently learned about a new phenomenon called paired programming, or “pairing.” If you haven’t heard of it either, it’s a pretty interesting way for developers to share knowledge, transfer skills and improve code quality, all at the same time. As a product manager, I frequently talk to developers and have heard that this process is beneficial, if not always possible because – who has the budget to pay two developers to work on one piece of code? When we heard about “pairing,” it did get us thinking about ways that we could mimic this process and help developers code securely and, ultimately, write better-quality code and better applications.  

Enter AppSec tutorials. AppSec tutorials are short, less than 10 minute videos that are designed to act like that second programmer – helping you along, giving you tips, but never talking your ear off for an hour, so you get to the content you actually need – quickly. If you’re faced with a coding issue, like a XSS flaw, the tutorial will show you what it is, demonstrate how it works, and teach you how you can protect against it. We kept them short and sweet so they won’t derail you from what you’re working on – you can watch them while you make your fixes. Super easy – right? Also, so you don’t have to go looking for the information, the Veracode platform will actually suggest AppSec tutorial content based on the vulnerabilities that are found in the application you wrote. The AppSec tutorial is your navigator as you develop your application, and this navigator has been trained by some of the best minds in AppSec.  

When we decided to create these tutorials, I knew developers didn’t want to hear from someone like me (although if you ever need a tutorial on craft beer, I’m your guy). So, I sought the help of Kevin Richard, a great security researcher here at Veracode, and former developer and security consultant. He has some of the best knowledge in the industry, but also knows from personal experience what developers want to hear. Kevin will take you on a journey through all types of vulnerability topics ranging from Cross-Site Scripting (XSS) to Directory Traversal, with new courses being added all the time. He will show you code examples of how a vulnerability happens and how you should protect against it. He is the mastermind behind this curriculum – so you won’t have to snooze through hours of content you don’t need. 

I know that you don’t want to spend your days fixing security flaws. You want to make cool stuff, right? The best part about this is that you’ll learn solid secure coding skills, so you can avoid introducing flaws into your applications in the first place, and spend more time focusing on cool stuff. 

If you want to take a look at one of our AppSec tutorials for yourself, click here for a full tutorial on Cross-Site Scripting!


Related Posts

By Tyler White

Tyler has been with Veracode for four years working across the organization, supporting customers from roles within Services and Sales teams. In his current role of Product Manager for Veracode eLearning, he is focused on making Veracode’s users more knowledgeable on all aspects of Application Security and improving the security of their applications through the extensive Veracode eLearning course catalog. When he is not working, Tyler is an avid runner and will talk your ear off about music and craft beer.