Courses modules are made up of learning resources and language-specific coding challenges that allow you to build secure coding awareness and competency right into your overall cybersecurity program.
Each Course can be created to address your organization's specific training or vulnerability requirements, allowing you to build repeatable learning pathways for development teams.
The article below describes the steps a Company Administrator or Team Manager can take to create and publish a course.
Open Courses from the top menu and select Course Management
Select Add Course to start the course creation wizard
The Course creation wizard will guide you through configuration, starting with selecting the focus of the course, depending upon your requirements.
You have the ability to build your Course using an existing template, or you can start from scratch.
1) Build your course using one of the existing templates
Introductory Course -This is an introductory course that will provide you with an overview of various interactive learning activities available in Secure Code Warrior. This short course is recommended for all new platform users as a first platform activity.
Introduction to OWASP Top 10 Awareness (with latest updates from the Web top 10 2021) - This short course is pre-populated with challenges based on the OWASP Top 10 for web languages (2021), OWASP Top 10 for mobile languages (2016) and the OWASP Top 10 for API languages (2019)
In-depth OWASP Top 10 Awareness (with latest updates from the Web top 10 2021) - This course is pre-populated with challenges based on the OWASP Top 10 for web languages (2021), OWASP Top 10 for mobile languages (2016), and the OWASP Top 10 for API languages (2019).
PCI DSS v4.0 Recommendations - This course is prefilled with challenges based on the PCI DSS v4 requirements. (controls 2 to 8 and 10 for software development, 4.3 & 4.7 controls for mobile).
Secure Code Warrior Recommendations - Build a course with challenges based on our own recommendations. It takes into account OWASP and PCI-DSS standards but completes the list with more recently emerging vulnerabilities and also takes into account the prevalence of the vulnerability in a specific language or framework.
- Security Measures for "EO-Critical Software" Use Under Executive Order (EO) 14028 - This course is based on the National Institute of Standards and Technology (NIST) guidance on security measures for EO-critical software use as directed by the Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021.
Security Awareness 101 - This course is pre-filled with videos and starter-level challenges that introduce the user to software security and the most prevalent vulnerabilities.
Certification Program level 1 - OWASP 1-5 - Certification Program level 1 covers vulnerabilities from OWASP category 1 to 5 - beginner level
Certification Program level 2 - OWASP 6-10 - Certification Program level 2 with a recap for OWASP category 1 to 5 AND covering vulnerabilities from OWASP category 6 to 10 - beginner level
Certification Program level 3 - OWASP & SCW recommendations - Certification Program level 3 with a recap for OWASP categories 1 to 10 AND additional SCW recommended categories - intermediate level
Certification Program level 4 - Missions & hard challenges - Certification Program level 4 with a recap for hard challenges OWASP categories 1 to 10 AND additional missions - hard level
Certification Program level 5 - Missions & hard challenges for OWASP 6-10 - Certification Program level 5 with missions and hard challenges for OWASP categories 6 to 10 - hard level
Storyline OWASP TOP 10 2021 - This course is a storyline that guides you through the basics of OWASP TOP 10 2021. The course builds up learning with multiple learning activities from watching videos, reading deep dives on vulnerabilities out of our guidelines, performing the exploit, analyzing the code, and pinpointing the vulnerability to fixing it.
- OWASP Top 10 2017 Awareness - This course is pre-populated with challenges based on the OWASP Top 10 for web languages (2017), OWASP Top 10 for mobile languages (2016), and OWASP Top 10 for API languages (2019).
- PCI DSS v3.2.1 Recommendations - This course is prefilled with challenges based on the PCI DSS requirements (6.5 controls for software development, 4.3 & 4.7 controls for mobile)
2) Build your Course from scratch
Target Specific Vulnerabilities - This allows the creation of a course that addresses specific vulnerabilities. If you choose this option, the platform will set up predefined modules for listed vulnerabilities
Custom - Build a course from scratch with full control over videos, challenges, difficulty, and hints available on the platform for the selected programming language:framework. Learn more about creating your own course modules
Add a single welcome or course introduction message that will be displayed for all the languages covered in the course.
Once you move to the Course Content section, you can view the course at a high level or expand activities for a closer look at them.
Additionally, you can:
- Select multiple languages and modules for bulk-actions
- Manage the columns in the table and the order of the columns
- Search, sort, and filter the content in the course
Select the desired language from the list on the left. To remove any language:frameworks that aren't required for your course, click on Bulk actions and select the remove languages option.
Now you can review pre-configured course modules in the content table. At this stage, you can also add additional modules if required.
Courses content curation flow is streamlined to let administrators add content to the selected language(s) by:
1) Copying existing modules
Select copy existing modules option
Select the language and the module you would like to copy then click the Add content button
2) Adding new modules:
- Add new modules from a template
- Add new vulnerability modules
- Add a new custom modules
Now it's time to add the end-of-course activity.
Global end-of-course message
This allows you to share a congratulatory message with the developers once they complete the course
This allows you to share a message and lead them to complete an assessment for that course. You can choose between two options:
- Single end-of-course assessment
- Maintain individual end-of-course assessments for each language all on one screen
- If you choose the assessment option, one must be created beforehand so it can be selected and linked. (read more about that here.)
- The assessment must also cover the same language(s) as the course.
Click the Other Settings tab.
At this point, you should have provided a name and description for the course. Choose naming conventions that will give participants (and yourself) a quick idea of what the course will cover.
You can now select the end date, badge, and email notifications
Alternatively, If you aren't ready to publish the course, you can always save your progress by clicking 'Save as Draft’ and get back to it at a later date.
Course End Date:
- None: Use this option to create a course with no deadline.
- Time Limit: Set a time limit in days. Developers will need to complete the course within this time frame from the moment of enrollment.
End Date: Set s deadline for the course. When the end date is reached the course will be marked as expired and developers won't be able to start/resume the course.
- Send email notifications when course is published: Invited developers will receive email notifications when the course is published, as well as receive reminders 3 and 5 days before the course end date if they have not yet started or completed the course.
Send email notifications to enrolled and invited developers if the course end-date is updated: All participants will receive a notification when the end date is changed.
LMS Management: Check this setting to enable a SCORM package download that can be imported into your LMS. This will automatically enable company-wide auto-assignment, disable notifications and disable course end-date management to delegate these options to your LMS. In addition, it will require participants to access this course via the LMS to enable completion to be reported back to the LMS.
- Published course updates: Each course has several options available which can be configured to control how the published course can be edited, and what impact editing the course will have on course participants. For more details, please read How to Edit a Course
Now the Course is ready to be published. Click Publish course button to publish the course or Save as preview to trial the course
- How to Assign Participants to a Published Course
- How to Add Badges to a Course
- Editing a Course
- Working with Course Versions
- How do I preview and test a course?