< Frequently Asked Questions />

What vulnerabilities does the Secure Code Warrior secure coding platform cover?

We have an extensive catalog of challenges and missions covering a large number of different vulnerability types - including OWASP Top 10, find out more here.

How does Secure Code Warrior keep up to date with relevant vulnerabilities?

Our challenges are continuously revised and updated with new challenges and new language:frameworks to cover new vulnerability types. Right now, we have thousands of challenges in different languages:frameworks covering the OWASP Top 10, OWASP Mobile Top 10, OWASP API Security Top 10, CWE and SANS Top 25. If you don’t see your language:framework of choice, drop us a note.

What analytics does the Secure Code Warrior platform provide?

Our platform can measure a developer’s progress throughout their secure coding journey. Depending upon account configuration, Administrators, Team Managers and Developers have the ability to track progress on challenges completed, time spent on training, strengths and weaknesses and accuracy and confidence score.

What is Secure Code Warrior’s subscription model?

Secure Code Warrior is available on an annual subscription. Our user-based pricing scales to support the size and needs of your organisations AppSec program.

Do you offer volume discounting for large teams and organizations?

Yes, we offer tiered pricing starts at 100+ users with full access to the platform.

Why does Secure Code Warrior’s approach improve security?

Current application security tools focus on moving from right to left in the Software Development Life Cycle (SDLC) – an approach that supports detection and reaction – detect the vulnerabilities in the written code and react to fix them. Secure Code Warrior starts at the extreme left of the SDLC with a focus on making the developer the first line of defense in their organization and preventing vulnerabilities in the first place.

Current application security tools focus on moving from right to left in the Software Development Life Cycle (SDLC) – an approach that supports detection and reaction – detect the vulnerabilities in the written code and react to fix them. Secure Code Warrior starts at the extreme left of the SDLC with a focus on making the developer the first line of defense in their organization and preventing vulnerabilities in the first place.

What do you do around Customer Data Protection?

We limit the storage of any Customer or Personal Identifiable data as much as possible and any customer data is stored in production systems only and saved until the customer decides to delete it, or his license is not extended and the customer requests to delete the data. For more information, read here.

Do developers require a certain skill level before they start using the Secure Code Warrior Platform?

No. We have new developers with little secure code experience and seasoned developers with lots of experience on the platform. For new developers, we have built in Learning and Knowledge Transfer to help them shape their basic skills and understanding of the leading vulnerabilities. As their skills develop and, like seasoned developers, they become more aware they are challenged by the gamified engagement and increasingly difficulty of the content challenges to constantly improve and become a Secure Code Warrior.

Is the Training self-paced? How much time does a typical developer spend on the platform?

Yes, the training is self-paced. According to Deloitte’s “Meet the Modern Learner,” typically 1% of a typical workweek is all that employees have to focus on training and development. Our platform is built to ensure that this available time is hands-on and effective but it is also designed with the goal that Developers can utilise it outside work hours. On-demand learning in an 'everywhere available' format is critical for today’s learner.

1% of a typical work week is all that employees have to focus on training and development.

Can we download the training data into our organization? Can you integrate into our LMS?

Yes, all the data that we create in our training/evaluation platform is downloadable by the Training Administrator in your organization anytime that they log into the Secure Code Warrior Portal.

What types of support does Secure Code Warrior offer?

We have a fully-integrated support system built into the platform through which we can communicate with an individual developer who requests help. We can also accept feedback on the platform and individual challenges in the platform from any User through the platform. We also provide email support to Training Administrators as required.