Secure Code Warrior® has just launched an enhanced version of our challenges which mirror real-world PR/code reviews, making them relatable to developers' everyday work.
In this new version, we have streamlined the experience by providing only the necessary context, allowing learners to focus entirely on vulnerabilities, their impact, and the best-practice fixes. After completing the challenge, learners will not only understand why the correct answers are right but also gain insights into why each incorrect answer is wrong.
What's Available
We have released 10 pieces of new content in a beta version of our V2 Challenge Player that are available only in Explore.
- Python Basic: 7 Challenges
- Java Basic: 3 Challenges
Note: Stay tuned; more Java Basic and JavaScript React challenges are coming soon.
Since Challenge V2 is in Beta, please note the following:
- Challenge V2 activity will not be visible in reports
- Challenge V2 activity will not be reflected in the Trust Score
- Challenge V2 completions and progress are not being saved.
How to Play V2 Challenge
Step 1
Navigate to Explore from the top menu
Step 2
From the activity type filter choose "Challenge V2 - BETA"
Step 3
Select the challenge you want to complete
Tip: You can filter by language and vulnerability category
Step 4
Now review the code as you would in a standard code review, then decide whether to approve or reject it. There are two options:
- Reject and comment
- Approve
Step 5
The flow will vary depending on whether you approve or reject the code
1. Approve vulnerable code
If you approve the code and it contains vulnerabilities, you will receive feedback highlighting the vulnerable line(s) of code for you to review, and you will be asked to select the vulnerability in the code.
2. Reject vulnerable code
If you reject the code, you need to provide a reason for the rejection. Just like in a pull request, identify the specific line(s) that you believe contain the issue.
When you select a piece of code, you will be prompted to confirm that this is the insecure code you want to flag. Click yes to proceed.
Step 6
If the selected piece of code contains a vulnerability, you will receive feedback confirming that you are correct. You will then be prompted to select the vulnerability introduced by the code.
Select the appropriate vulnerability and click the "Submit comment" button to proceed.
If you selected the wrong vulnerability, you will receive feedback indicating that your choice was incorrect. You will have the opportunity to try again by selecting a different vulnerability.
Select a different vulnerability and click the "Submit comment" button to proceed.
Step 7
Upon selecting the correct vulnerability in the code, you will be prompted to select the best way to fix it.
Select one of the provided options and click the "Submit comment" button to proceed.
Step 8
If you select the correct fix, you will receive feedback confirming your choice. If you select the wrong fix, you will receive feedback indicating that your selection was incorrect, and you will be prompted to choose a different fix.
Make sure you check the key takeaways section which provides:
- An overview of the vulnerability
- Reasons why the selected fix was the best solution.
- More clarity on why the other options weren't ideal.
Note: We provide the same set of feedback at the end of the activity regardless of how you answered it.
You can also watch this video which covers the same steps outlined in this article.
Share Your Feedback With Us
We are so keen to hear your feedback! If you want to have a hand in shaping the next version of our challenges, let us know what you think. You can share your feedback directly with your CSM or submit it via the "Submit bug or feedback" button on the platform.