Secure Code Warrior

Shifting from reaction to prevention


So I think one of the challenges we're facing in software development and security, is that we've been seeing the same or current software vulnerabilities for the past 20 years. Whether you're using static code analysis, whether you're using vulnerability assessments, or penetration testing, the same problems are re-occurring in different technologies and different parts of the code. 


And I think the second challenge we have, whether you're using static code analysis or using vulnerability assessments and penetration testing, is that these technologies often only point out a problem, and not really giving you practical hands-on solutions and how to fix things. And I think that's one of the reasons why we need to move from reaction to prevention is because we know not only wanna prevent the recurrence software security problem, but we also wanna solve them really quickly in the software development cycle. 


So one of the things we're really trying to do at Secure Code Warrior, is integrating into the development processes and tools of the developer, because we wanna be hyper relevant, and contextual to that software developer. We want to be there to help them coach and guide the actual problem. One example is the integration into ticketing systems. We wanna be in that ticketing system, when a security bug is being lodged, whether it's by a static code analysis tool, or about pen testing, we wanna be there, with the developer with some relevant coding patterns and information on how can you now quickly fix this issue in your specific coding language. And in that way, we wanna make us really contextual, and be there for the developer, when he or she actually needs it. With technology like sensei, we actually wanna be contextual inside the IDE of the developer. And when we notice that a new hire or a junior developer is making or using coding practises that would be leading to security vulnerability, we actually wanna be there, to not only detect the problem and train them on the spot, but we wanna be able to offer them guidance on how to quickly fix it, and even automatically rewrite the code for them inside their IDE. So in that way, we wanna be hyper relevant contextual and also offer solutions for the developer in their own coding language on how to fix and produce secure code in their teams. 


So our ultimate goal is to build security into the DNA of a developer. We don't wanna shift left, we are starting left. We wanna help the developer and empower them, to write secure code from the start. And that's why we build an environment where we provide hands-on gamify, and fun learning experiences, that are specific to the coding and language, that a developer kinda uses. Because we wanna make security something which is building, positive and a fun experience for the developer, so they can write secure code at speed.


So why do developers love Secure Code Warrior? Well first of all, because we basically help them improve their skills in their own coding language and framework, whether you are a front end developer that is coding in react or a mobile developer that is doing Java or swift, or even old school developers that are focusing on COBOL, RPG, or Java and C#, we basically have built a library of content in your specific coding language and framework, so that we can help you in a practical way, understand and make security something which is not scary and something that is actually fun to learn about.