How to Set Up Company Quests

If you are an administrator, you can define a Quest (or more) based on your compliance needs, company goals...etc by building quests for developers to complete.

 

 

• Quests
• How To Add a Quest
• Do Users Get Notified When a New Quest is Created?
• Do Users Get Reminded Before the Quest's End Date?
• Can you edit Quests?

 

Quests

To set up a quest you can select one or multiple vulnerabilities that you want learners to focus on. These could be goals to meet your compliance requirements or just the vulnerabilities that matter the most to your organization. 

Note: To achieve the learning outcome, a learner must complete all the content associated with the chosen vulnerability or concept.

How to Add a Quest

 

Step 1 

Navigate to the Quests dashboard by selecting the "Administration" dropdown and selecting "Quests" 

 

 

Step 2

Click the "Create new" button 

 

Step 3

Start by giving the quest a name, then configure it as desired.

• Quest Name: The name of the quest end learners will see.
• Mandatory Quest: Make the quest mandatory to prioritize it over optional quests.
• Badge: Upload a badge that learners will earn once they complete the quest.
• Objectives: The vulnerabilities that you want learners to focus on. 
• Start Date: Determines when the quest becomes visible to learners 
• End Date: Determine the quest's deadline, after which it will disappear for learners 

 

 

 

Step 4 

You have the option to assign the quest either to specific teams or to the entire company. 

 

 

Step 5 

Now it's time to add your objectives. You can create a quest based on:

• Security Concepts
• Specific Vulnerabilities 
• Compliance 

Security Concepts 

This option allows you to select specific security concepts to assign to your learners:

Security Concept	Content
AI/LLM Security	Coding with AI Introduction to AI Risk & Security OWASP Top 10 for Large Language Model (LLM) Applications
Authentication and Authorization Protocols	OAtuth 2.0 Security
Cloud Security	Introduction to Cloud Security  Securing Amazon Web Services (AWS) Securing Microsoft Azure Securing Google Cloud Platform (GCP) Securing Infrastructure as Code
Cryptography	Introduction to Cryptography for Developers and Architects
Data Security	Data Security  Security for Data Scientists & Analysts Secure Password Storage
Industry-Specific Security	Introduction to Automotive Security  Secure Development for Healthcare
Internet of Things	Introduction to Securing the Internet of Things
Open-Source and Supply Chain	Open-Source Software (OSS) Open-Source Policies and Risks
Payment Card Industry (PCI)	PCI DSS v4.0 Concepts and Compliance
Privacy	Introduction to GDPR GDPR for Developers and Architects  GDPR for Development and Project Managers
Secure Software Design	Architecture Risk Analysis Risk-Based Security Testing Strategy Threat Modelling Security Requirments
Security Foundations	Foundation of Software Security  Application Security Concepts  Attack and Defense  Web Application Security 101

Specific Vulnerabilities 

• Custom Vulnerabilities: This is ideal if you want to focus on specific vulnerabilities that will be assigned to learners based on their language selection. Allows you to tailor your quest according to your company’s needs.
• Most Common Vulnerabilities (prebuilt): Training content based on OWASP and SCW recommendations to gain the knowledge and skills to address security risks specific to their development environment. You can choose between:
  • • Top 3
    • Top 5
    • Top 10

 

Compliance

PCI-DSS (prebuilt): A curriculum covering all aspects of PCI-DSS compliance, ensuring that your employees are well-equipped to protect sensitive cardholder data.

Note: If you select the PCI-DSS objective, you can download a PDF that shows which vulnerabilities map to which PCI requirement.  
 

1. Click the double-sided arrow to view the PCI-DSS curriculum

2. Click the "Download PDF" button

 

 

Step 6

 

Now the quest is ready to be published. Click the  "Save & Publish" button to publish the quest or 
"Save as draft" if you aren't ready to publish it yet.

Step 7

When you click the "Save & Publish" button, you will receive a pop-up to confirm that you want to publish the quest. Click "Publish" or "Schedule" to proceed

No Start date: learners will see the quest immediately 

 

Start Date in the future:

 

Do users get notified when a new Quest is created?

Yes,  but only if the "Send Quest based emails" setting in the "Communications" page is enabled.



Please keep the following in mind:

• Users who have selected languages that are irrelevant to the quest -  will not receive any emails.
  
  Example: The user selected backend languages/frameworks and the vulnerabilities included in the quest are relevant to frontend languages/frameworks)
  
  
• Users who have selected languages relevant to the quest - will receive an email titled "You have been assigned a new quest".
  
  Example: The user selected backend languages/frameworks and the vulnerabilities included in the quest are relevant to backend languages/frameworks)

• Users who have not yet selected a language(s) - will receive an email titled "Select your development languages on Secure Code Warrior"
  
  

  Note: The reason this group of users doesn't get the "you have been assigned a quest" email is that it's not possible to determine whether the quest applies to them before they select their preferred language(s)

 

 

Do users get reminded before the Quest's end date?

Yes. Users who haven't completed the Quest will recieve a reminder email 7 days before the Quest's end date

Can You Edit Quests?

The ability to edit any Quest depends on its status

Quest Status	Can Edit?	Can Archive?	Can Delete?
Active	❌	✅	❌
Scheduled	❌	❌	✅
Finished	❌	✅	❌
Archived	❌	-	❌
Draft	✅	❌	✅

Related Links:

• How to Track Company Learning Goals
• Quests Module Overview
• How to Complete a Quest