Bilan de l'année 2022 : points forts, nouvelles innovations et ressources pour vous aider à tirer le meilleur parti de Secure Code Warrior

Here at Secure Code Warrior, we’re constantly innovating to help equip developers and organizations with the right skills to tackle today’s ever changing security challenges. 

We’ve compiled the top features and updates to our platform, as well as the resources and guidelines published this year, to help your organization secure your software through developer-driven security at the start of the software development cycle.

Highlights from 2022

2022 was a big year for secure code learning. Here are some metrics we’ve pulled from our users to show the scope and scale of our learning platform.
‍

‍

2022 was a big year of building, let's run through a few of the top highlights!

Top Releases in 2022

Coming soon: Coding Labs

With Coding Labs, developers can advance their secure coding skills with a hands-on learning experience in a one-of-a-kind fully powered in-browser IDE. By training in a familiar environment, it’s easier than ever to go from learning new skills to applying them to actual code and preventing vulnerabilities before they’re introduced.

Coding Labs is currently available in preview for customers, reach out to your SCW representative to learn more about getting access if you haven’t already.

SCORM LMS Integration

SCORM is the international standard for e-courses. If your course is published in the SCORM format, you can be sure that almost any learning management system (LMS) will recognize it.

The SCORM LMS integration allows admins to easily manage their secure code training program alongside their other training platforms in one place, saving you time and letting you focus on the important things ,like focusing on more impactful ways to improve your training programs. 

Secure Code Warrior Connector for Okta Workflows 

This integration helps to prevent insecure code from being introduced to your codebase with the power of a security-proficiency check that can be built into your flow. 

When working on code bases, such as in a GitHub repository, you can set required lessons and assessments as qualifiers for coding in the base. This empowers your leaders to make sure each developer is ready to work in the relevant code base, helping level up the security posture of the entire organization. 

Learn more about Okta + SCW 

See the Demo here 

Learn more and see a live demo of Coding Labs in this webinar on Developer Productivity and Enablement.

Check out what’s new in our Blog

See the Okta Demo and our other integrations in one of our ProductTalks. 

Vulnerabilities in the news 

Secure Code Warrior offers a rapid response to top vulnerabilities to ensure you're aware of the situation and what to do. Plus, when possible we'll even create a simulation where you can get hands-on experience in the mechanics, and you can better protect your application against future threats. 

2022 was an eventful year when it came to vulnerabilities and attacks rearing their ugly heads. From a log4j vulnerability putting millions of applications at risk, to a python tar traversal path that took nearly 15 years to be fixed. Secure Code Warrior has the guidelines and free test missions to prepare you for these types of vulnerabilities. 

• Log4J vulnerability
• Trojan source
• Spring vulnerability
• NGINX and Microsoft Windows SMB Remote Procedure Call Service vulnerability
• Hardcoded credentials
• Python path traversal bug

Additional releases and updates 

At Secure Code Warrior, we are all about scalable and engaging education that meets the developer where they are, no matter which level they are at. In June, we kicked off our quarterly ProductTalk webinar series which covers all of the exciting things that we are rolling out to our customers.

2022 saw many additions to the languages and content available at SCW, as well as critical improvements to the admin experience, and forays into more detailed reporting. 

Flexible and diverse education

Secure Code Warrior contains training content in 63+ different languages (and counting), from the most popular (Java and C++) and the rising stars like GO and Typescript. In 2022 we added even more content and languages to our repertoire. 

• NEW OWASP course templates to help build upon your developers’ baseline knowledge and security awareness.
• New language - SAP:ABAP  Niche languages like SAP:ABAP get the SCW treatment with training content that is delivered in developers’ preferred format - code snippets and samples

Streamlined configuration and administration

We know how important it is to make it easy to deploy and maintain secure coding programs. In 2022, we made a lot of intentional improvements to make our admin’s jobs easier and create an experience that is headache free and intuitive.

• Course Tabular View - Now it’s even easier for you to create courses for different development teams quickly.
• Course Editing and Versioning - Admins can edit their existing courses and create basic course versions without having to create a brand new course
• Bulk Actions - Do more with fewer clicks and make changes to courses from one place instead of applying changes across every language.
• Continue Button - Access Courses from the Home Screen with a "Continue" button to the new homepage displays a list of activity cards to help users quickly resume the modules they have previously started.

Reporting and analytics

For company admins and team managers, the need to monitor activity across the organization is crucial to understanding your developer’s engagement and measuring the success of your training program. By accessing key metrics like number of courses completed and time spent on courses - either at the team or individual level, even more strategic decisions can be made towards building richer training programs.

• Training Metrics - Report on the progress and success of your application security program with metrics that show how well a developer is progressing in their training rather than how long they’ve spent on the platform.

• Assessment CSV downloads - Quickly understand your developers strengths and weaknesses to assess your strategy and maturity, with CSV downloads that include all versions of the assessment rather than just one version.

Tech stack integrations

Secure Code Warrior’s approach to integrations ensures your SCW program is built directly into your preferred products and developers’ workflows to enhance user experiences and enable just-in-time remediation, as well as stickier learning outcomes. 

• Secure Code Warrior for GitHub - Enable contextual training inside GitHub workflows by appending contextual application security training material to SARIF files or directly within the issues and pull requests, giving developers access to knowledge when they need it most in order to help you ship quality code faster.

Learn more about SCW+GitHub 

• Secure Code Warrior for GitLab - Embed highly relevant Secure Code Warrior training links to the Vulnerability Details section of vulnerability reports inside GitLab. This helps to reduce the time gap between learning and application of knowledge to ensure future usage.

See the Demo

Learn more about SCW+GitLab  

• Synopsys Seeker integration - Link Secure Code Warrior resources, videos, and training links to vulnerability findings within Seeker. Micro-learning within Synopsys Seeker helps to identify and resolve vulnerabilities with easily accessible training guidance within Seeker. 

Learn More about Synopsys + SCW

Devlympics 2022

Secure Code Warrior hosted its second annual Devlympics secure coding competition on October 19th, 2022. We’re proud to share that Devlympics 2022 was even bigger than last year! This year's event included 2910 registrations with almost 800 players in either the Champion or Ultimate Warrior arenas, and has proven to be a huge success in helping developers of all experience levels advance their secure coding skills. 

During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills, from hobbyist to professionals within the chosen languages.

At the same time, security experts were invited to the Secure Code Forum Discord channel to live-play and to share feedback, swap jokes and memes, and learn more about Secure Code Warrior. 

Resources to help you succeed 

Secure Code Warrior is one of four companies named in the Gartner® Cool Vendors™ in Software Engineering: Enhancing Developer Productivity report. In addition to offering innovative solutions that help organizations boost developer productivity and mitigate security risks, Secure Code Warrior has released a number of resources and research on the importance of Developer Driven Security. 

Whether you’re an AppSec manager struggling to get engagement and input from your developer teams, or if you’re an engineering manager working to upskill your teams’ security-posture, we’ve got you covered with the guides and tools you need to advocate for developer-driven security in your organization. 

• Secure Code Coach - a resource hub for developers to learn and engage with members of their community to learn more about secure coding ‍
• Whitepaper: The State of Developer Driven Security‍
• Whitepaper: The Challenges to Improve Software Security ‍
• The secure code training blueprint‍
• Steps to development team security maturity‍
• The developer security maturity matrix
• The importance of security maturity in developer teams‍
• Your Handbook to Developer Driven Security 

Interested in trying out Secure Code Warrior but don’t have an account yet? Sign up for a free trial account today to get started.

Talk to Sales to learn more. 

Follow Secure Code Warrior on Twitter to get updates about the latest releases and improvements.

That’s all for now, see you in 2023!

‍

‍