Courses modules are made up of learning resources and language-specific coding challenges that allow you to build secure coding awareness and competency right into your overall cybersecurity program.
Each Course can be created to address your organization's specific training or vulnerability requirements, allowing you to build repeatable learning pathways for development teams.
The video and article below describes the steps a Company Administrator or Team Manager can take to create and publish a course.
Open Courses from the top menu and select Course Management
Select Add Course to start the course creation wizard
The Course creation wizard will guide you through configuration, starting with selecting the focus of the course, depending upon your requirements.
You have the ability to build your Course using an existing template, or you can start from scratch.
1) Build your course using one of the existing templates
- Introduction to OWASP Top 10 Awareness (with latest updates from the Web top 10 2021) - This short course is pre-populated with challenges based on the OWASP Top 10 for web languages (2021), OWASP Top 10 for mobile languages (2016) and the OWASP Top 10 for API languages (2019)
- In-depth OWASP Top 10 Awareness (with latest updates from the Web top 10 2021) - This course is pre-populated with challenges based on the OWASP Top 10 for web languages (2021), OWASP Top 10 for mobile languages (2016), and the OWASP Top 10 for API languages (2019).
- PCI DSS Recommendations - This course is prefilled with challenges based on the PCI DSS requirements (6.5 controls for software development, 4.3 & 4.7 controls for mobile).
- Secure Code Warrior Recommendations - Build a course with challenges based on our own recommendations. It takes into account OWASP and PCI-DSS standards but completes the list with more recently emerging vulnerabilities and also takes into account the prevalence of the vulnerability in a specific language or framework.
- Security Measures for "EO-Critical Software" Use Under Executive Order (EO) 14028 - This course is based on the National Institute of Standards and Technology (NIST) guidance on security measures for EO-critical software use as directed by the Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021.
- Security Awareness 101 - This course is pre-filled with videos and starter-level challenges that introduce the user to software security and the most prevalent vulnerabilities.
- Certification Program level 1 - OWASP 1-5 - Certification Program level 1 covering vulnerabilities from OWASP category 1 to 5 - beginner level
- Certification Program level 2 - OWASP 6-10 - Certification Program level 2 with a recap for OWASP category 1 to 5 AND covering vulnerabilities from OWASP category 6 to 10 - beginner level
- Certification Program level 3 - OWASP & SCW recommendations - Certification Program level 3 with a recap for OWASP category 1 to 10 AND additional SCW recommended categories - intermediate level
- Certification Program level 4 - Missions & hard challenges - Certification Program level 4 with a recap for hard challenges OWASP categories 1 to 10 AND additional missions - hard level
- Certification Program level 5 - Missions & hard challenges for OWASP 6-10 - Certification Program level 5 with missions and hard challenges for OWASP categories 6 to 10 - hard level
- OWASP Top 10 2017 Awareness - This course is pre-populated with challenges based on the OWASP Top 10 for web languages (2017), OWASP Top 10 for mobile languages (2016), and the OWASP Top 10 for API languages (2019)
2) Build your Course from scratch
- Target Specific Vulnerabilities - This allows the creation of a course that addresses specific vulnerabilities. If you choose this option, the platform will set up predefined modules for listed vulnerabilities
- Custom - Build a course from scratch with full control over videos, challenges, difficulty, and hints available on the platform for the selected programming language:framework. Learn more about creating your own course modules
Once you've chosen your focus, the languages supported by the template (or all that you are licensed for when creating a custom course) will be available on the Left-hand side.
Select the desired language from the list on the left, to remove any language:frameworks that aren't required for your course click on Add/remove languages, select the language and click 'Apply changes'
Tip If the language:framework is supported in Courses, the chosen focus vulnerabilities may not be valid for the language:framework combination. Please return to the previous page and set your focus to Target Specific Vulnerabilities or Custom before trying again.
Now you can review pre-configured course modules in the center panel. At this stage, you can also add additional modules if required.
Now it's time to add the 'end of course' activity. This allows you to share either a congratulatory message with the developers once they complete the course, or share a message and lead them to complete an assessment for that course.
Choose Message if you'd like to send a few words of recognition to the developer once they complete the course, or choose Assessment if you'd like to share a message and a link to the relevant course assessment:
Example Assessment link:
- If you choose the assessment option, one must be created beforehand so it can be selected and linked. (read more about that here.)
- The assessment also needs to cover the same language(s) as the course.
What will the developers see?
Next, click the Participants tab to assign the course to individuals, teams, or the entire organization. The course will only become available to assigned participants once it's been published.
Click the Settings tab.
At this point, you should have provided a name and description for the course. Choose naming conventions that will give participants (and yourself) a quick idea of what the course will cover.
Alternatively, If you aren't ready to publish the course, you can always save your progress by clicking 'Save as Draft’ and get back to it at a later date.
Now the Course is ready to be published. Click Publish course button