New Content
4 foundational guidelines around software security standards and OWASP
We’re excited to introduce 4 new foundational guidelines to improve your understanding of software security standards and OWASP practices. The new categories are:
- Foundations of Software Security
- Introduction to Security Standards
- Introduction to OWASP
- Overview of OWASP Web TOP 10
- Overview of OWASP API TOP 10
13 Infrastructure as Code guidelines with Terraform:AWS support
We’ve introduced 13 new guidelines for Infrastructure as Code with Terraform:AWS code snippets. Guidelines for additional languages will be available soon. These guidelines are now available across the entire platform and within course templates.
The supported categories are:
- Access Control
- Missing Function Level Access Control
- Authentication
- Insufficiently Protected Credentials
- Business Logic
- Insufficient Validation
- Logical Error
- Information Exposure
- Sensitive Data Exposure
- Insufficient Logging and Monitoring
- Insufficient Transport Layer Protection
- Unprotected Transport of Sensitive Information
- Security Misconfiguration
- Disabled Security Features
- Improper Permissions
- Information Exposure
- Sensitive Data Storage
- Plaintext Storage of Sensitive Information
- Vulnerable Components
- Using Components From Untrusted Source
- Using Known Vulnerable Components
8 guidelines updated for Python support
We’ve updated 8 existing guidelines to include Python:Basic support and code snippets:
- Access Control
- Missing Function Level Access Control
- Missing Object Level Access Control
- Authentication - Improper Authentication
- Improper Assets Management - Improper Assets Management
- Information Exposure - Sensitive Data Exposure
- Insecure Cryptography - Weak Algorithm Use
- Insufficient Transport Layer Protection - Unprotected Transport of Sensitive Information
- Security Misconfiguration - Improper or Missing HTTP Headers
35 C Challenges
We’ve added 35 new C challenges to support CERT C preparation. These challenges cover a wide range of topics relevant to CERT:
- Business Logic
- Insufficient Validation
- Logical Error
- Information Exposure
- Error Details
- Injection Flaws
- OS Command Injection
- Path Traversal
- Insecure Cryptography
- Insecure Randomness
- Memory Corruption
- Buffer Overflow
- Double Free
- Format String Vulnerabilities
- Heap Overflow
- Illegal Pointer Value
- Integer Overflow
- Null Dereference
- Race Conditions
- Uninitialized Variable
- Use After Free
- Security Misconfiguration
- Improper Permissions
C Embedded Coding Labs
- Buffer and Stack Overflow Protection
- Buffer Overflow
- Integer Overflow
- Double Free
- Use After Free
- Firmware Updates and Cryptographic Signatures
- Using Components From Untrusted Source
- Identity Management
- Insufficient Anti-Automation
- Transport Layer Security
- Weak Algorithm or Protocol Use
- Unprotected Transport of Sensitive Info
New Platform Features
New Engagement Insights Report
The Engagement Insights report allows admins to select a time period (last 12 months by default) and see statistics covering:
- How many new learners were added
- How many learners were active across SCW
- How many learners are currently enabled
- How many learners have been active throughout the time period selected
- How long it has been since learners were last active
- How much time learners have spent in the different modules of SCW, including Quests and Explore
A participants list shows the details of all learners and their activity from the selected time period.
Improved
Microsoft Teams is now a platform setting
We have simplified our Microsoft Teams course notification settings by making Microsoft Teams a platform setting.
Email invitations + calendar reminders for tournaments
It is now possible to send email invitations for Tournaments as part of the advanced settings. If the calendar invite setting is enabled on the communications page, the invite will also include a calendar reminder with a start & end date, and a direct link to register for the tournament.
In Preview
Quests
We've updated Quests to introduce Administration functionality. Admins can now prioritise the most important topics for learners by setting up Goals based on specific vulnerabilities.
This functionality is in Closed Preview, and can be enabled on request by emailing our support team (support@securecodewarrior.com), or via your Customer Success Manager.