If you want to level up your security maturity, there’s always something you can do. In training mode, you can view statistics about your skills in the My Statistics page to see how far you’ve come since the early days.
We find that the way forward mostly comes down to two components: technology and experience.
Before we examine those components further, take a look at how Secure Code Warrior® considers security maturity.
Depending on specific criteria, you’ll be scaled into one of the following maturity levels:
Security Maturity criteria covers:
- Points
- Accuracy
- Confidence
For more information on how the criteria is calculated please refer to the Guide to Management Metrics and Statistics or Guide to Developer Metrics and Statistics
Beginner |
Security Aware |
Security Skilled |
Security Champion |
No requirements |
Points: 4000 |
Points: 8000 |
Points: 12000 |
Accuracy: 20% |
Accuracy: 60% |
Accuracy: 90% |
|
Challenges: 20 |
Challenges: 40 |
Challenges: 60 |
- Play challenges in different programming languages/frameworks. (Recommended)
- Replay the quests you have already completed because there is a chance that you will be served a new challenge that you haven't played before which would increase your points, accuracy, and challenges played. Please keep in mind that playing a challenge that you have already played before will update your security maturity metrics only if more than 30 days have passed.
- Accuracy is based on attempts, therefore replaying challenges after 30 days will not replace the previously achieved results but include both new and old attempts for the same challenge.
Specific Programming Language and Frameworks
In many organizations, there are several types of developers from front-end to back-end, mobile, and main-frame. This can pose a bit of a challenge when it comes to training.
Slides and videos are good for grasping the initial understanding of concepts, but to really build secure coding muscle memory, one must train on the technology that’s used every day to get the full benefit.
On the Secure Code Warrior learning platform, we have worked hard on delivering just that - hands-on, code-level challenges in multiple languages and corresponding frameworks.
Within the platform, you can dip in and out of challenges in 60+ languages and frameworks, including, but not limited to;
- Java (EE & Spring)
- .NET (MVC & WebForms)
- Javascript (Node, React & Angular.io)
- Python (Django)
- Ruby (Rails)
- Scala (Play)
- IOS Objective - C
- Android
Click here for the latest language and frameworks available on Secure Code Warrior
This style of training helps build core skills around awareness and problem solving, much more so than any old slide deck or video. It encourages building new skills in different languages outside of the ones you use regularly.
Challenge yourself using the right tools and you’ll be rewarded with awesome, desirable security skills
Hands-on Experience
From interns and graduates to new hires and seasoned developers, variations in secure coding skills are always going to come up. Some developers will have had previous exposure to secure code training, but for some, the Secure Code Warrior platform might be their first undertaking of this kind of training.
Secure Code Warrior Training Module provides access to three levels of training that cater to different experience levels.
- OWASP Top 10
- Training Ground
- Defending Your Code
OWASP Top 10
- Missions that focus on the OWASP Application Security Risks
Training Ground
- Missions that focus on one specific application security vulnerability at a time. This makes it easier to understand for developers without a background in security
Defending Your Code
- These missions are realistic simulations with real-world applications and complex code to test your secure coding prowess
Using Secure Code Warrior helps you gain experience across a wide range of scenarios that extends beyond the training environment. As we’ve learned from so many excellent video games, experience makes you stronger, helps you learn, and makes you stand out from the crowd.
Combining the right tech with experience and know-how will level up your security maturity in no time.
Comments
0 comments
Please sign in to leave a comment.