- Added team-level tagging in API endpoints, making it easier for company admins to manage developers by departments/functions. (PLATFORM)
- Added Courses start-date and end-date data in exportable data files (csv format), helping program managers to keep the progress of PCI compliance training on track. (PLATFORM)
- Supported German content in the platform. (CONTENT)
- The secure coding extension for the Jira Data Center edition is available. Developers can learn about related vulnerabilities right inside their tickets. (INTEGRATION)
- Enabled the End-of-Course activity to support all active types of assessment, making it easier to manage a long-term security program. (PLATFORM)
- Improved the structure of the "Privacy" section in "Company Preferences" settings, admins will find it easier to manage privacy settings across different play modes. (PLATFORM)
- Docker now has in total of 54 challenges (▲17). (CONTENT)
- Renamed racially insensitive “Whitelist/Blacklist” to “Allowlist/Denylist” across all platform content. (CONTENT)
- Supported 2 additional languages, Pseudocode and Java:JSF in Missions - Bonus Level in Tournaments. (CONTENT)
- Missions can now be played in your subscription as a Bonus Level in Tournaments. (PLATFORM)
- Bonus Level in Tournaments are now automatically enabled for eligible language:frameworks (unless disabled by Admin), increasing the difficulty of the tournament and thus more engaging for more experienced developers.
- 40 Missions will be made available in 7 web languages - C# Core, C# MVC, C# Webforms, Java Enterprise Edition, Java Spring, Node.js Express, Python Django. Additional languages will be progressively added. (CONTENT)
- Three new language frameworks: (CONTENT)
- Kotlin Spring API (35 challenges), allows back-end developers to train and explore the Kotlin language through the Spring API framework library.
- Salesforce APEX (46 challenges), Salesforce APEX, used on the Salesforce platform, allows customers to extend the capabilities of Salesforce for their specific needs. Your SFDC instance contains essential customer and confidential information. With this new content you can now ensure developers and contractors touching or interacting with your code base are coding securely. Invite them to your team today. Find out how you can invite your Salesforce APEX developers to the platform here.
- Reinforce structured learning with just-in-time training snippets using GitHub Action workflows. Learn more about building coding skills at every stage of the SSDLC here. Get the Secure Code Warrior GitHub Action from the marketplace today!
- Sensei now available on the JetBrains Marketplace for organisations and developers to try it for themselves. (SENSEI)
- Added the ability to add tags onto recipes, allowing users to add custom metadata which can be used to categorize and group recipes.
- Added our variable browser into the recipe editor in more places. The variables shown are relative to the selected target. This helps developers understand their code and craft a good recipe with less effort.
- Increased the number of Python:Basic challenges 59 challenges (▲ 17), providing greater content options for developers requiring framework-agnostic training. (CONTENT)
- Review of Common Weakness Enumeration (CWE) mapping against platform vulnerability categories (more than 30%) with the inclusion of more CWE ID’s (particularly for mobile specific vulnerabilities). This review will significantly improve in the reporting of challenge vulnerabilities. (CONTENT)
- As an extension of platform anonymization, company admins will now have the option to hide API Key generation for ‘all roles’, providing increased personal information security when generating reporting API keys. (PLATFORM)
- Enabled finish-date modification for published/unpublished courses. When you go to the course management pages of those courses, you will see an edit button under Course End Date.
- Introduced a new scripting/command-line language, Powershell, to the platform with 30 Challenges, securing your DevOps, DBA, and business automation teams' development.
- Launched Secure Code Bootcamp on Google PlayStore. It is a free and interactive game for beginners to learn secure coding knowledge.
- Extend anonymization capability to the whole platform, including Courses, settings, and search options. Companies are able to have No-PII reporting.
- Introduced more challenges for 4 languages, providing more playtime and difficulty levels for these languages in tournaments:
- C#(.NET):Core - 176 Challenges (▲126)
- Java:Enterprise Edition (JSP) - 475 Challenges (▲60)
- Java:Spring - 495 Challenges (▲53)
- Perl:Dancer 2 - 90 Challenges (▲15)
- Implemented more consistent naming conventions in learning resources videos, providing a better education quality.
- Fixed the occasional max-point issue in mix-language tournaments. Maximum points are guaranteed to be the same for all participants, making tournaments fair for all.
- Introducing standard Java with 68 Challenges, providing developers who code in Java (without any frameworks) with relevant security training.
- 10 additional languages have been enabled for Courses - Company admins and team managers can now create a course from scratch from these languages.
- Rust - 31 Challenges,
- Java:Servlets - 40 Challenges,
- Java:Struts - 51 Challenges,
- Perl:Dancer2 - 75 Challenges.
- PHP:Symfony - 44 Challenges,
- Angular 1 - 8 Challenges,
- Swift:iOS SDK - 141 Challenges,
- PL/SQL - 44 Challenges
- Added new Pseudocode content with challenges focusing on mobile vulnerabilities - 66 Challenges. These new additions allow non-coding users to experience, learn and understand the concepts around mobile vulnerabilities without needing to know or specialize in a specific in a specific coding language:framework.
- New video content covering Mobile Vulnerabilities: Reverse Engineering/Code Information Leakage, Improper Session Handling/Client Side Session Token Generation.
- New video content covering Web Vulnerabilities: Authentication/Forceful Browsing, Information Exposure/Error Details, Memory Corruption/Race Conditions.
- Two updates for Courses: Custom Activity and End of Course Activity
- Anonymization has now been enabled. Company Administrators are now able to toggle on the anonymization of personal identifiers on the platform. This will allow customers to comply with regulatory requirements that require personal identifiable information or performance information of individual users to be anonymized within the company.
- Improvements have been made to existing Java:Spring challenges enhancing overall content and quality of challenges for the developer.
- Improved Java:Enterprise Edition JSP challenges to provide developers with more solid training.
- 14 more language:frameworks are Courses ready:
- Ansible - 50 Challenges (▲26),
- Docker - 37 Challenges (▲1),
- CloudFormation - 36 Challenges,
- Terraform - 24 Challenges,
- Kubernetes - 31 Challenges (▲7).
- 6 API language:frameworks:
- C# (.NET): Web API - 47 Challenges (▲3),
- Java:Spring API - 35 Challenges,
- Java:EE API - 35 Challenges,
- GO:API - 35 Challenges,
- Python:API - 35 Challenges,
- Objective-C - 76 Challenges,
- Python:Flask - 60 Challenges (▲16),
- C# (.NET):Basic - 40 Challenges.
- Added "First Completion Date" in the Courses reporting API. Monitoring developers' study progress to meet compliance schedule is easier.
- Anonymization for Tournament Leaderboard is now available, providing Company Admins more options to protect developers' privacy.
- Team Managers and Company Admins will see better report accuracy when tracking developer engagement on the platform, due to improvements in the time calculations. This change will only affect time spent data after July 3rd.
- Pseudocode challenges now cover all Web Vulnerability categories, providing developers and non-developers alike with a broader awareness of secure coding for web applications. 84 Challenges (▲38).
- PL/SQL language is now Assessment ready with 35 Challenges (▲3).
- Added more challenges in web languages:
- Java:Spring - 507 Challenges (▲106),
- Java:Servlets - 40 Challenges (▲3),
- C# (.NET):Web Forms - 382 Challenges (▲10),
- Ruby:Rails - 234 Challenges (▲8),
- Scala:Play - 201 Challenges (▲8),
- PHP:Symfony - 44 Challenges (▲3).
- Reworked on the quality of 96 Java:Spring challenges, providing developers with more solid training.
- Introducing two new language:frameworks to the platform:
- Python: Web API with 35 Challenges.
- Go: Web API with 35 Challenges.
- New video content covering Web Vulnerability: Insufficient Transport Layer Protection/Unprotected Transport of Credentials
- New video content covering Mobile Vulnerability: Improper Platform Usage/Tapjacking, Insecure Authentication/Client-Side Authentication For Authenticating To Server, Insecure Authentication/Misuse of Fingerprint, Insecure Authentication/Weak Lockout Mechanism, Improper Platform Usage/Incorrect Activity Configuration, Improper Platform Usage/Misuse of Intents.
- Secure Code Warrior for Jira (Jira Cloud and Jira Server versions) have now been introduced to Public Labs, accessible through Atlassian Marketplace. Secure Code Warrior for Jira, provides just-in-time contextual micro-learning (on-premises and cloud variant) to developers as they work to resolve security issues.
- Improved localization of content. Platform admins can now select the language localization (US or UK English) relevant to their company, improving the immersiveness of content, user experience, and engagement.
- Significant improvement of existing Pseudocode challenges, enhancing overall content and quality of challenges for the developer.
- Addressed and implemented a number of user interface fixes, which look to improving both overall user play experience and eliminating administrative confusion.
- Identified and fixed an issue where the solution dropdown could not be selected by the developer.
- Fixed an issue where changes to the title of a course were not being reflected when viewed by the developer.
- Significant improvement to the length of time to export training leaderboard and related reports, team admins will now receive the exported report by email in a more timely manner.
- Performance improvement and scalability of reports resulting in faster response times and report retrieval for the user.
- Introducing two new language:frameworks to the platform:
- Node.js API with 35 challenges.
- New video content will be made available in the following week, covering Mobile vulnerabilities: Lack Of Binary Protections/No Protection From Piracy, Unintended Data Leakage/Copy/Paste Buffer Caching (Pasteboard), Unintended Data Leakage/Logging Sensitive Information
- New video content will be made available in the following week covering API Vulnerability: Access Control - Missing Object Level Access Control, Security Misconfiguration - Improper Permissions.
- Courses is available to Secure Code Warrior Labs. Company Administrators will be able to opt-in to Secure Code Warrior Labs for a team or their entire company to test drive new features and offer feedback
- Java Enterprise Edition (JSP) has now reached 373 Challenges (▲57).
- Support for Microsoft Azure within the Ansible Basic Challenges providing content to support organizations using different cloud infrastructure.
- Enhancement to the User Management API. You can now update your user’s email address programmatically via the API.
- Added French spoken language support to the platform, improving navigation and overall user experience for French-speaking users by making the user interface content available in their native tongue.
- Introduced three new language:frameworks to the platform:
- Kubernetes an Infrastructure-as-code language with 24 challenges.
- Java:Enterprise Edition API with 35 challenges.
- Rust with 31 challenges.
- We've introduced additional challenges to our Go content, providing developers of different experience levels from junior to senior with a greater variety of challenges to best suit their different skill levels - 184 challenges (▲29).
- Improved team and user management capabilities via API:
- Better reporting - Managers are now able to retrieve detailed information on each team and its members via the API, providing managers with better insight to more efficiently manage their teams.
- User's last login date - Team managers are now able to see an individual user's last login date, providing managers with better visibility to monitor Platform usage.
- Improved the retrieval performance of the Assessment Summary report (CSV), providing better insights to help manage teams.
- Reviewed platform user interface when selecting Vulnerability Category options, ensuring that all options are relevant and up-to-date for the user.
- The Weekly Active Summary report email has been reviewed and is showing the activity metrics of platform users for the client, helping provide better transparency on platform usage and utilization.
- Introducing two new language: frameworks - Python:Basic, with 41 challenges and Java:Spring API with 35 challenges.
- Java:Spring has reached 399 challenges (▲94).
- C# (.NET):Web Forms has now reached 382 challenges (▲126).
- Ruby:Rails now Mixed Tournament Ready with 233 challenges (▲14).
- Improved quality of challenges for Kotlin:Android SDK.
- Introducing new language: framework Perl:Dancer2, with 31 Challenges.
- Added new Web vulnerability video resources covering; Side Channel Vulnerability/Timing Attack, Access Control/Using input from untrusted sources, Business Logic/Insufficient Validation, Injection/CSS Injection, Memory Corruption/Double Free, Injection Flaws/Log Forging.
- Java: Enterprise Edition (JSP) has reached 314 challenges (▲79).
- Improved quality of Challenges for C# (.NET):MVC.
- Revised accuracy of Chinese and Spanish translations.
- Improved usability when playing Challenges to help developers choose the correct solution when fixing a vulnerability.
- Fixed vulnerability category display issue when playing 'Identify' stage.
- Expanding on last month’s newly introduced Infrastructure-as-Code language: framework - we’ve added two new Infrastructure-as-Code language: framework - Ansible (▲24) and Docker (▲24).
- New training videos covering Mobile languages: Broken Cryptography/Insecure Generation Of Encryption Keys, Broken Cryptography/Insecure Storage Of Encryption Keys, Broken Cryptography/Reuse Of Initialization Vector, Broken Cryptography/Use Of Hardcoded Keys, Client Code Quality/Improper Memory Management.
- Enhanced tool-tips and guidance for Administrators and Team Managers when editing Assessments to help make them aware of what edits will create a new Assessment version.
- More challenges for Node.js (Express) now at 279 challenges (▲5).
- C# (.NET): Webforms and Java: Enterprise Edition (JSF) are now mixed-tournament ready with 274 and 146 challenges respectively.
- First Infrastructure-as-Code (IaC) language:frameworks now available covering Terraform (▲24) and AWS CloudFormation (▲32).
- Foster genuine learning by limiting the number of Assessment attempts within a specified timeframe.
- Multiple API Keys – Company Admins now have the ability to generate more than one Report or Admin API Key's for their Company.
- Updated user object in API so that a Developers preferred programming language can be specified.
- PL/SQL one of our most played language:framework is now top-10 ready with 25 challenges available (▲17).
- Updated mobile vulnerability video resources covering; Reverse Engineering, Insufficient Transport Layer Protection, Extraneous Functionality, Broken Cryptography and Code Tampering.