We're here to help

Menu

    How to Create a Course

    Avatar
    Secure Code Warrior Elves
    • Updated
    Follow

    Courses modules are made up of learning resources and language-specific coding challenges that allow you to build secure coding awareness and competency right into your overall cybersecurity program. 

    Each course can be created to address your organization's specific training or vulnerability requirements, allowing you to build repeatable learning pathways for development teams.

    This article describes the steps a Company Administrator or Team Manager can take to create and publish a course.

    NOTE: Only Company Administrators and Team Managers can create a course.

     

    Step 1

    Open Courses from the top menu and select Course Management

    2020-03-16_13-16-44.png


    Step 2

    Select Add Course to start the course creation wizard

    CourseManagement.png

     

    Step 3

    The course creation wizard will guide you through configuration, starting with selecting the focus of the course, depending upon your requirements.

    TIP: Build multi-language Courses using the Target Specific Vulnerabilities, OWASP Top 10 Awareness, and Other options to combine languages:frameworks and save time.

    Screen_Shot_2020-03-18_at_1.36.17_PM.png

    1. OWASP Top 10 Awareness - Contains pre-configured templates that cover OWASP Top 10 categories including;
      • A1-Injection, A2-Broken Authentication, A3-Sensitive Data Storage, A4-XML External Entities, A5-Broken Authentication Control, A6-Security Misconfiguration, A7-Cross-Site Scripting, A8-Insecure Deserialization, A9-Using Components with Known Vulnerabilities and A10-Insufficient Logging & Monitoring.

         TIP: The OWASP Top 10 Template will assist in meeting PCI-DSS requirement #6.5. 
      • Train developers at least annually in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities
      • Develop applications based on secure coding guidelines
    2. Target Specific Vulnerabilities - This allows the creation of a course that addresses specific vulnerabilities. If you choose this option, the platform will set up predefined modules for listed vulnerabilities

    3. Other - Build a course from scratch with full control over videos, challenges, difficulty, and hints available on the platform for the selected programming language:framework. Learn more about creating your own course modules

    4. Injection Flaws  - This is a deeper dive into many different types of Injection vulnerabilities like SQL, NoSQL, OS Command Injection, and Code injection

    5. Frontend Top 8 Awareness - Contains pre-configured templates that cover React and Angular frontend vulnerabilities, including;
      • XSS, CSRF, Authentication & Session, Insufficient Logging, Insecure Transport Layer Protection and Sensitive Data, Information Exposure & Security Misconfiguration, Vulnerable Components and Injection
    6. Desktop Top 10 Awareness - Contains pre-configured templates that cover C++ and C: desktop vulnerabilities, including;
      • Memory Corruption, Injection, Information Exposure, Insecure Cryptography, Sensitive Data Storage, XML External Entities (XXE), Business Logic, Denial of Service, and Access Control
    7. Database Top 6 Awareness -  Contains pre-configured templates that cover PL/SQL database vulnerabilities, including;
      • Injection Flaws, Sensitive Data Storage, Security Misconfiguration, Denial of Service (DoS), XML External Entities (XXE) and Insufficient Logging and Monitoring
    8. Mainframe Top 10 Awareness -  Contains pre-configured templates that cover Cobalt mainframe vulnerabilities

    Step 4

    Once you've chosen your focus, remove any language:frameworks that aren't required for your course.

    Then click Proceed to: Course Content to review and/or edit course modules

    next-step.png

    Note: If the required langauge:framework is not displayed at this point, it may not be Courses enabled. Please check here to view supported Courses languages.

    If the language:framework is supported in Courses, the chosen focus vulnerabilities may not be valid for the language:framework combination.

    Please return to the previous page and set your focus to Target Specific Vulnerabilities or Other before trying again. 


    Step 5

    Select the desired language from the list on the left and review pre-configured course modules in the center panel. At this stage, you can also add additional modules if required. 

    Please see How to create your own course module for more details on creating and editing a custom course module

    2020-03-16_13-41-01.png

    IMPORTANT: Pre-built templates are language-specific. Any template change made to one language must also be made to all other languages on the list.

     

    Step 6 

    Now it's time to add the 'end of course' activity. This allows you to share either a congratulatory message with the developers once they complete the course, or share a message and lead them to complete an assessment for that course.

    Courses_Add_activity_.png

    Choose Message if you'd like to send a few words of recognition to the developer once they complete the course, or choose Assessment if you'd like to share a message and a link to the relevant course assessment:

    Add_Activity_Step_1_.png

    Example Message:

    Add_activity_example_message.png

    Example Assessment link:


    Add_activity_Link_assessment_.png

    IMPORTANT NOTES:
    1. If you choose the assessment option, one must be created beforehand so it can be selected and linked. (read more about that here.) 
    2. The assessment also needs to cover the same language(s) as the course.
    3. The assessment needs to be set up using the 'self-assessment' option so it can be selected as an end of course activity. No invitations need to be sent out for this type of assessment; developers can just access it using the link.



    What will the developers see?

    What_will_the_developers_see_Message.png

    What_will_the_developers_see_Assessment.png



    Step 7

    Next, click Proceed to: Assign Participants to assign the course to individuals or teams.

    Please see Assigning participants to course for more details

    Note: The course will only become available to assigned participants once it's been published.

    Screen_Shot_2020-03-18_at_1.44.08_PM.png 

    Step 8

    Click Proceed to: Publish to make the course available to the assigned participants. 

    At this point, you'll also be asked to provide a name and description for the course. Choose naming conventions that will give participants (and yourself) a quick idea of what the course will cover.

    Screen_Shot_2020-03-18_at_1.39.48_PM.png

    Alternatively, If you aren't ready to publish the course, you can always save your progress by clicking 'Save as Draft’ and get back to it at a later date. 

     

    Next Steps

    How to Add Badges to a Course

    Best Practice Guide to Setting Up the Structure for Your Course.

    Editing a Course

     

     

     

     

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.