Disrupting Application Security Training
Traditional AppSec training is boring and dull. Not because it’s supposed to be, but the current model of teaching is non-intuitive and full of drudge. Developers are simply expected to consume a PowerPoint, a flash presentation or a trainer talk about SQL injection or buffer overflows. Additionally, firms that provide software security training have failed to evolve and can become complacent in delivering outdated and mediocre courses, which at best frustrate developers and worse, treat AppSec training as a tick box exercise.
How to explain a “Buffer overflow” to 1000 software developers ?
Certainly not like this.
Or like this …
At Codebashing, we believe that the future is in interactive forms of training, enabled through attention grabbing experiences and one that supports the future of secure software delivery.
The following screenshot is an interactive module of a “stack overflow” course from our newly released C/C++ catalogue, that allows a developer to interact with a vulnerable application in real time.
Our main learning environment consists of many different UI elements. Some, like the CODE and STACK, are present at all times. However, depending on the exercise components appear and disappear — for example the ASSEMBLY and COMMAND LINE can be mixed-and-matched depending on the lesson.
In the following example “format string attack”, we introduce a new CLIENT and SERVER TERMINAL component.
By putting interactivity into our learning simulations, we put the developer first, by allowing them to engage with their learning environment, make decisions and put the acquired security knowledge into action.
If you’d like to learn more about our solution, and how we help businesses with the scalable training to fit within their wider Application Security Programs we’d love to hear from you. Email us at firstname.lastname@example.org.
Codebashing is the easiest way to learn application security for enterprise developers. We are venture backed by Checkmarx (www.checkmarx.com) and our customers include Microsoft, Fitbit, Sky and many other Fortune 500 companies.
Check out our demo at https://www.codebashing.com/try-me