Did you know 60% of developers have zero confidence in the security of their own applications?
That's over half the population of developers, wow! But why?
It largely comes down to the fact that developers are measured on speed and the number of bugs in their code, not on security vulnerabilities. Naturally, they tend to focus on the aspects that are measured and show little interest in those that are not. Unsurprisingly, this attitude has led to a lack of interest in security education.
What's being done about it? Traditionally, training was delivered through video tutorials, classroom sessions, and online courses. However, such methods often failed to deliver effective secure code education (SCE) for developers, because they were seen as dull and uninteresting.
CxCodebashing was introduced as a solution to this.
What is CxCodebashing?
In a nutshell, CxCodebashing is a new-generation, gamified, and interactive secure coding education solution, where training is offered on the spot, on request. Developers don’t need to leave their workspace, and can focus on specific challenges without being pulled away from writing code.
Why is this important? By empowering developers to be the first line of security defence, organisations can truly shift left and ultimately achieve faster and safer application delivery, with minimal effort and cost.
Checkmarx is not only our partner; it is also the only leading vendor in both vulnerability detection and security training. Using real-world examples from penetration testing teams, they manage to stay on top of security issues.
CxCodebashing can be used independently or in full integration with the Checkmarx Software Exposure Platform user interface. Vulnerabilities detected in CxSAST include an easy-to-follow link to the relevant CxCodebashing lesson.
Developers can learn why a problem happened, how to fix it and, most importantly, how to prevent it from happening again. This is achieved through Checkmarx’s unique integration between CxCodebashing and CxSAST, where vulnerabilities identified by CxSAST lead to a practical lesson in CxCodebashing.
The philosophy behind Codebashing is to empower developers to think and act with a secure mindset. Managers have full control and visibility, and can assign specific programming language courses to their teams with ease, tracking progress where necessary.
CxCodebashing allows businesses to raise the baseline AppSec knowledge across their entire development team in a fast, scalable, and positive way.
It is compatible with regulatory standards such as PCI-DSS, which requires “role based security training” or, more specifically, “developer security training”.
Be sure to check out our partner page with Checkmarx here for more information on securing code from the start.
July 18, 2019