Training mode in the Secure Code Warrior® platform is where a lot of action happens, when you’re not battling co-workers for leaderboard supremacy in tournaments, that is.
The Training module is where you can spend time seeking out and absorbing valuable information about secure coding on your own terms, outside of assigned activities like Courses or assessments.
Touching on the basics, the Training menu gives you access to some common areas which we’ll break down super-quick.
- Languages - Browse and choose from different programming languages and frameworks
- Mission Control - This is the fun part; we’ll elaborate more below…
- My Statistics - View your progress as you train within the platform
- Leaderboard - See where you currently rank in your organization
Explore Mission Control
This is where you’ll find three different realms of Application Security according to Secure Code Warrior.
Essentially, Mission Control is where you’ll access all of the different training options. When you select a level to play, each one will give you a different set of missions to follow.
OWASP Top 10
This is where you’ll learn the ropes of secure coding, with four vulnerability categories you can train in, broken down from the most critical application weaknesses to very common ones, then finally into some specifics.
Here’s a snapshot of what it looks like:
- OWASP A1-A2 - Most critical application weaknesses (Injection Flaws and Broken Authentication)
- OWASP A3-A4 - Very common application weaknesses (Sensitive Data Exposure and XXE Vulnerabilities - External Entity Injection)
- OWASP A5-A7 - Broken Access Control, Security Misconfiguration and XSS Vulnerabilities (Cross-Site Scripting)
- OWASP A8-A10 - Insecure Deserialization, Using Components with Known Vulnerabilities and Insufficient Logging and Monitoring
The Training Ground is where you’ll go to learn and focus on individual vulnerability categories with in-depth training, so you can practice finding and fixing certain types of issues. The Training Ground focuses on two set levels.
Here’s a snapshot of what this looks like in more detail:
- Most Critical Weaknesses - Focusing on the most critical application security weaknesses. These challenges will get you started on the foundations of secure development
- Common Weaknesses - Focusing on common security weaknesses. These challenges will give you an understanding of weaknesses and how to fix them
Defending Your Code
In this section of ‘Mission Control’, you’ll be able to put your skills into practice against real-world applications without knowing beforehand which types of weaknesses will appear. This offers very real experience with vulnerabilities that are likely to appear when building out an application from scratch.
Here’s a breakdown of the different areas you can work within:
- eBanking Application - An online banking application that will test your ability to find and fix vulnerabilities in a larger codebase
- FileSharing Application - A cloud file-sharing application that will test your ability to find and fix vulnerabilities in a larger codebase
- eCommerce Application - A small eCommerce application that will test your ability to find and fix vulnerabilities in a larger codebase
Each vulnerability category will be tailored to the programming languages available in the Secure Code Warrior platform. This will give you a customized Training Ground experience where you can always train on material that's OWASP ready and beyond.