New
New Guidelines
Four new conceptual guidelines covering:
- Introduction to Security Standards
- Introduction to OWASP
- Overview of OWASP Web TOP 10
- Overview of OWASP API TOP 10
New CERT-C Course, including all new C: Basic Challenges and Guidelines
34 new challenges and 17 new guidelines aligned with the CERT-C standard, covering:
- Business Logic
  - Insufficient Validation
  - Logical Error
- Insecure Cryptography
  - Insecure Randomness
- Information Exposure
  - Error Details
- Injection Flaws
  - OS Command Injection
  - Path Traversal
- Memory Corruption
  - Buffer Overflow
  - Double Free
  - Format String Vulnerabilities
  - Heap Overflow
  - Illegal Pointer Value
  - Integer Overflow
  - Null Dereference
  - Race Conditions
  - Uninitialized Variable
  - Use After Free
- Security Misconfiguration
  - Improper Permissions
New PCI DSS v4.0 Concepts and Compliance course
A new course that gives developers concise, concept-level PCI DSS compliance security training. The new Guidelines included in this course are:
- PCI DSS - Introduction to PCI DSS Developer Training
- PCI DSS - PCI DSS v4.0 Requirements 1-4
- PCI DSS - PCI DSS v4.0 Requirements 5-12
- PCI DSS - Real-World Example
- PCI DSS - Preparing for a PCI DSS Assessment
Improved
Guidelines are now translated
When viewing Guidelines in Explore, Quests or Courses, the text is translated based on the language selected in the user's profile settings.
Python Basic code snippets added to Guidelines
We've added Python Basic code snippet support to the following Guidelines:
- Access Control
  - Missing Function Level Access Control
  - Missing Object Level Access Control
- Authentication
  - Improper Authentication
- Improper Assets Management
  - Improper Assets Management
- Information Exposure
  - Sensitive Data Exposure
- Insecure Cryptography
  - Weak Algorithm Use
- Insufficient Transport Layer Protection
  - Unprotected Transport of Sensitive Information
- Security Misconfiguration
  - Improper or Missing HTTP Headers
Infrastructure as Code (IaC) guidelines now have code snippets for Ansible and CloudFormation
Our IaC guidelines have been updated and now provide code sample variants for Ansible and CloudFormation. The following guidelines have been updated:
- Access Control
  - Missing Function Level Access Control
- Authentication
  - Insufficiently Protected Credentials
- Business Logic
  - Insufficient Validation
  - Logical Error
- Information Exposure
  - Sensitive Data Exposure
- Insufficient Logging and Monitoring
  - Insufficient Logging and Monitoring
- Insufficient Transport Layer Protection
  - Unprotected Transport of Sensitive Information
- Security Misconfiguration
  - Disabled Security Features
  - Improper Permissions
- Information Exposure
- Sensitive Data Storage
  - Plaintext Storage of Sensitive Information
- Vulnerable Components
  - Using Components From Untrusted Source
  - Using Known Vulnerable Components
New Assessment configuration options
Admins can now set the following additional options when configuring an Assessment.
- Challenge type
  - Alternate between Identify/Fix and Locate/Fix (default)
  - Identify/Fix only
  - Locate/Fix only
- Enforce challenge difficulty
  - On: a challenge of the configured difficulty is always served, even if the learner has played that challenge before.
  - Off (default; this is the existing behaviour): a challenge of the configured difficulty is served as long as the learner has not played it before. If every challenge at that difficulty has already been played, a challenge of a different difficulty is selected in its place.