New
Quests
The full learning experience of Quests has now been released to all customers.
- Create Quests using specific vulnerabilities, or using the "Most Common Vulnerabilities" objective. "Most Common Vulnerabilities" provides each learner with the top 3 vulnerabilities recommended by SCW for each of the language families they've selected to learn about.
- Turn Quests, Guided Learning and Legacy Reports on/off via toggles (Administration -> Platform Configuration -> More -> Select Learner Experience)
- Switch on/off Quest-based emails (Administration -> Communications -> Send Quest based emails)
- View a report showing the progress within a specific Quest
All users can see:
- "My Quests" on the top navigation - a page which shows any Quests assigned to the learner, with learning prioritized for them based on due date, and mandatory/optional status
- "Learn" on the top navigation - a page which shows a complete, self-paced learning path for a learner's chosen languages
When Guided Learning is turned off, the learner's home page is "My Quests".
Trust Agent
You can now configure a minimum required Skill Level in your Trust Agent policy, allowing you to define a skill-based criterion for commits being made by your developers. Please see this Help Center article for more information.
A new filter is also now available that allows you to hide non-code commits in the dashboard that may be a source of noise in your analysis.
Content
New LLM Content
- Walkthrough for Vector and Embedding Weaknesses
- Case Study for Model Poisoning
- Case Study for Supply Chain Vulnerabilities
New content for Java Enterprise Edition API, Java Spring, Java Spring API, and JavaScript React
- 10 new Java Enterprise Edition API coding labs
- 20 new Java Spring challenges
- 2 new Java Spring coding labs
- 7 new Java Spring API coding labs
- 12 new JavaScript React challenges
New mobile security guidelines
Each of these guidelines is available with language-specific code samples in Dart Flutter, Java Android SDK, JavaScript React Native, Kotlin Android SDK, Objective-C iOS SDK, Pseudocode Mobile, and Swift iOS SDK.
- Broken Cryptography: Use Of Insecure/Deprecated Algorithms
- Client Side Injection: JavaScript Injection
- Code Tampering: Tampering Detection
- Improper Platform Usage: Webview Settings
- Insecure Authentication: Hardcoded API Keys
- Insecure Authentication: Storing Credentials With 'Remember Me' Functionality
- Insecure Data Storage: Plaintext Storage Of Credentials
- Insecure Data Storage: Storage In SQLite Databases
- Insufficient Transport Layer Protection: Communication Over Cleartext Protocol
- Unintended Data Leakage: Logging Sensitive Information
New Foundations of Software Security guidelines
- Overview of Secure Design Principles
- Introduction to Common Weakness Enumeration (CWE) Category System
- Introduction to OWASP Application Security Verification Standard (ASVS)
- Introduction to SEI CERT Coding Standards
New Course Templates
Modern C Security
This short, introductory conceptual course explores the complexities of C from a security perspective, covering major vulnerabilities like string handling, memory management, integer overflow, and format string attacks, along with strategies to mitigate them.
Modern C++ Security
This short, introductory conceptual course explores the complexities of C++ from a security perspective, covering major vulnerabilities like string handling, memory management, integer overflow, and format string attacks, along with strategies to mitigate them.
Secure Programming for Go
This short, conceptual course covers secure programming in Go, focusing on web interface security, concurrency, session management, cryptography, and error handling, with strategies to prevent common vulnerabilities.