December 2021
NEW
- Course Templates:
- Program Certification Level 4 (with Missions). (CONTENT)
Content focused on OWASP 1-5 (based off OWASP 2021 for web languages).
- C/C++ Embedded now supported in the following course templates:
- OWASP TOP 10 Awareness
- OWASP TOP 10 Awareness 2021
- SCW Recommendations
- 3 New Videos covering the following vulnerabilities. The videos explain the vulnerability subcategory at a high level with examples and solutions. (CONTENT)
- Authentication - Use of Single-factor Authentication.
- Side-channel vulnerability - URL caching
- Side-channel vulnerability - Data sent to 3rd parties
- Integrations:
- Enable continuous developer learning in Azure Boards, a task tracking tool that helps teams plan, track and discuss their work. Learn more about it here.
- Download the plugin from VisualStudio marketplace here. (INTEGRATIONS)
- Klocwork (Perforce) is one of the most trusted static code analysis and SAST tools for C, C++, C#, Java, JavaScript, and Python. Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any size as well as seamlessly integrates with large complex environments and a wide range of developer tools. Learn more about the Perforce Klocwork Integration. (INTEGRATIONS)
- Perforce blog: High Quality, Secure Code Starts with Klocwork + Secure Code Warrior | Perforce Software.
- Hdiv Security delivers continuous security that natively integrates into all stages of the software lifecycle (SDLC), automating application security. Hdiv’s Unified Application Security platform accurately finds security vulnerabilities and protects applications, microservices, and APIs from a broad range of attacks and exploits, including those that can be considered design flaws. Learn more about the Hdiv Integration. (INTEGRATIONS)
IMPROVEMENTS
- New and updated challenges: (CONTENT)
- Python Flask: adding more medium/hard challenges - 93 challenges (▲28)
- C++ embedded - 50 challenges (▲20)
- Java:Spring - 522 challenges (▲17)
- Content Quality Improvements: Starting off with 30 Java:Spring challenges, we’ve ramped up our never-ending commitment to improving the quality of our content. (CONTENT)
November 2021
NEW
- Walkthroughs and missions in courses (PLATFORM)
- Missions and walkthroughs enable developers to see the impact of poor coding practices by interacting with vulnerabilities on a live system and testing against them
- With this month’s release, you can get started with 19 walkthroughs and 50 missions. To learn more about vulnerabilities covered and language:frameworks, please refer to the help article for Walkthroughs and Missions.
- Try out a walkthrough mission to see it in action right away - this is the walkthrough of the latest Path Traversal vulnerability announced by Apache on 4th Oct (CVE-2021-41773) (CONTENT)
IMPROVEMENTS
- New and updated challenges: (CONTENT)
- Python Django - 234 challenges (▲15)
- Typescript - 28 challenges (▲8)
- Accessibility: (PLATFORM)
- Colour contrast on key elements in the platform, such as buttons and labels, has been improved to meet AA accessibility standards - progressively enabling a better and inclusive user experience for all.
- SCW APIs: (INTEGRATIONS)
- API endpoints now include both primary user identifiers - email address and user_id. This provides improved consistency and convenience for API callers needing to match user activity across the various API endpoints.
October 2021
NEW
- Added new templates to include the recently-released OWASP Top 10 2021 web standard, providing options for developers to receive up-to-date training. (CONTENT)
- Courses - OWASP Top 10 Awareness template, supporting the latest OWASP Top 10 2021 web standard, as well as other current standards: OWASP Top 10 2016 mobile standard and OWASP Top 10 2019 API standard.
- Assessments - "OWASP Top 10 Web" template, available for 7 language:frameworks: C# (.NET) MVC, C# (.NET) Web Forms, Java Enterprise Edition (JSP), Java Spring, JavaScript Node.js (Express), Python Django, Salesforce Apex.
- Added support for SAML RelayState redirection in SSO configurations. By leveraging this update, program managers are able to connect internal tools with specific Courses or Assessments at scale. Tested by one of our largest clients, this configuration has successfully enabled 20,000+ developers to have a seamless SSO login experience when accessing targeted SCW Courses and Assessments, from right inside their existing learning management system. Learn more about its configuration here. (INTEGRATION)
IMPROVEMENTS
- Added more challenges: (CONTENT)
- C:Embedded - 51 (▲33)
- Javascript:Node.js API - 43 (▲8)
- Python:Basic - 53 (▲15)
- Added special Infrastructure-as-Code (IaC/cloud) challenges for the global tournament (Devlympics 2021). Rest assured, these new Challenges will still be available in the platform after Devlympics: (CONTENT)
- CloudFormation - 42 (▲5)
- Terraform - 51 (▲4)
- Kubernetes - 49 (▲2)
- Courses UX improvement. We are continuously improving the experience of managing Courses at scale. (PLATFORM)
- Inside Courses Management page, we've added:
- "Manage Participants" button (previously inside each Courses editing page) to make editing participants easier.
- "Publish (Unpublish)" option inside "More".
- Inside each Courses editing page, we've:
- Added "Enter Edit Mode" modal for better clarity on impacts and options for edit. When you need to edit a Course, you need to click this button to start the process. After it’s clicked, a modal will pop up to explain what the impact is to the participants and what you can edit (depending on the Course status).
- Supported badge and notification settings even if a Course is published.
September 2021
NEW
- New language:frameworks: (CONTENT)
- C++ for embedded systems is now available - 30 challenges.
- C for embedded systems only available in Courses - 18 challenges.
- RPG: Basic - 18 challenges.
- 3 New Courses templates: (CONTENT)
- Security Awareness 101: This course is pre-filled with videos and starter-level challenges that introduce the user to software security and the most prevalent vulnerabilities. Modules include: Application Security Concepts, Web App Security 101 and Threat Modeling.
- Certification Program level 1, level 2 and level 3 (program-in-a-box), currently supporting OWASP Web languages and frameworks:
- OWASP 1-5 - Certification Program level 1 covering vulnerabilities from OWASP category 1 to 5 - beginner level.
- OWASP 6-10 - Certification Program level 2 with a recap for OWASP category 1 to 5 and covering vulnerabilities from OWASP category 6 to 10 - beginner level.
- OWASP & SCW recommendations - Certification Program level 3 with a recap for OWASP category 1 to 10 and additional SCW recommended categories - intermediate level.
- Security Measures for "EO-Critical Software" Use Under Executive Order (EO) 14028 - This course is based on the National Institute of Standards and Technology (NIST) guidance on security measures for EO-critical software use as directed by the Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, May 12, 2021. Includes support for the following language groups: Web, API, Infrastructure as Code (IaC) and Mobile.
IMPROVEMENTS
- Added more challenges to 4 languages with the aim of improving the variety of challenges and reducing repetitiveness in content: (CONTENT)
- Terraform - 47 challenges (▲12), new challenges expand on the vulnerability and difficulty coverage of content around Terraform.
- Java:Spring - 505 challenges (▲10).
- PseudoCode:Basic - 175 challenges (▲11).
- Java:Basic - 80 challenges (▲15).
- Improved Courses management navigation: (PLATFORM)
- Added new navigation buttons at bottom of screen - providing course admins with clear direction during the course creation process.
- Breadcrumbs have now been replaced with tabs dividing setup into Content, Participants and Settings - this will improve maneuverability along the edit flow of courses.
- 'Add/Remove Languages' functionality has been removed from the setup wizard. Languages that are supported by a particular course template will now be shown in the left-hand column on the screen.
- New 'course status' indicators, providing the user with a better indication of the status of the course:
- 'Cancel and exit' out of course creation (which will prompt you to name and save the course).
- 'Save draft' button and 'Last saved' indicator, providing the user with visibility as to the last time the course had been saved.
- Secure Code Warrior for GitHub now supports contextual learning in pull request review comments. The plugin will, when available, display relevant learning content by scanning for common vulnerability references and names found in the comments - added by users or SAST tools. (INTEGRATION)
August 2021
NEW
- Our integration with Kondukto is live. An AppSec Orchestration and Correlation platform, Kondukto provides a unified view of vulnerabilities discovered at each stage in the SDLC via various commercial and open-source security tools. The integration will help link to hyper-relevant learning based on detected vulnerabilities. (INTEGRATION)
IMPROVEMENTS
- Several experiential enhancements have been completed for Courses (PLATFORM)
- Video categories and subcategories have been added to reiterate the categories that the vulnerability belongs to - helps viewers associate the video with the right categories that they may explore further later.
- An updated look for the wizard navigation with easy-to-follow steps to make it simple for admins to set up courses.
- Inclusive language - Secure Code Warrior is proud of its diverse global team and customers. Diversity has always influenced the way we work, build our products, and grow our teams. As first announced in December 2020, we embarked on a journey to ensure the use of inclusive language. We are happy to announce that it has now been completed across all areas of our products. (CONTENT)
- Updated Course Template - OWASP Top 10 or equivalent has been introduced that also covers languages where specific OWASP definitions are not available, e.g. IaC or front-end languages. (CONTENT)
FIXES
- Fixed a bug that severely affected performance for some of our customers on our US instance
July 2021
NEW
- Added a new type of video - security architecture/design: (CONTENT)
- Threat Modeling Overview
- S.T.R.I.D.E
- Cloudogu has developed an integration with Secure Code Warrior on premise in their SCM-Manager platform. The plugin serves up contextual SCW resources within pull requests and comments for developers to understand and fix security issues faster. It works by identifying common vulnerability names and phrases in the pull request and comment text. (INTEGRATION)
IMPROVEMENTS
- Every Sensei recipe is now stored as a single file in YAML format - making it easier to read, review and maintain them in a version control system. (SENSEI)
- XML recipes now utilize the YAML format to make recipe creation as convenient as the Java recipes. (SENSEI)
- Increased challenge volumes for 2 languages to improve engagement: (CONTENT)
- Kubernetes - 47 Challenges (Δ12)
- PL/SQL:Basic - 54 Challenges (Δ10)
- Improved the clarity of the Help Menu option labels, making it easier and faster for you and your team to get support. (PLATFORM)
NOTICE
- Deprecation of AngularJS was officially implemented on July 1st. You can no longer access it in Training mode, nor can you create new AngularJS Courses or Tournaments. However, you can still access existing ones. (CONTENT) (PLATFORM)
June 2021
NEW
- Added New language:framework (Content)
- Bash (30 challenges)
- Cobol:Mainframe (17 challenges)
IMPROVEMENTS
- Improved challenge quality: (Content)
- C++, a popular language on the platform, has undergone content rework, improving the quality of up to 25% (34) of total challenges available for developers to tackle.
- Terminology review and update - 'white'/'black' list terminology in learning resources has been renamed to 'allow'/'deny' list, ensuring that all terms used on the platform are current and respectful to developers of all backgrounds.
- Improvement and expansion to Course templates: (Content)
- Improved guidance and messaging for company course admins, to ensure a smoother and less confusing experience during course creation. The new messaging will provide the user with the necessary information to make the correct edits to modules, especially when validation is required for overlapping content when multiple predefined modules are added. (Content) (Platform)
- Course Focus page - Improved guidance for company course admins, when selecting course focus during course creation (better descriptions about the template and areas of focus), providing a more efficient and informative user experience during course creation. (Content) (Platform)
- Warrior Connect partners - We’ve partnered with a number of global technology and regional service providers in the DevSecOps ecosystem to provide contextually relevant training material on findings that will help developers understand and resolve security issues, and arm them with the knowledge and skills to help prevent these vulnerabilities from re-occurring:
- Sensei Feature Highlight: Library Scope - Discover more about the most loved features of Sensei. Read more (3 min read)
May 2021
NEW
- Streamlined the user experience of End of Course Activity for messages and assessments. (PLATFORM)
- Developers will be auto-invited to an assessment linked to a course, freeing application security managers from the endless admin tasks of inviting and guiding developers to the Assessments.
- Developers can now access their end of course activity (message or assessment) as the last module on the Course break-down page.
- Missions (bonus level) in Tournaments are available for PHP: Basic and Scala: Play. (CONTENT)
IMPROVEMENTS
- Added more challenges to 2 languages: (CONTENT)
- C#(.NET): Basic - 71 challenges (▲7).
- C#(.NET): Web API - 54 challenges (▲7).
- Continuously improved content quality of Javascript:Node.js, providing better learning experience for the developers. (CONTENT)
- Improved the calculation methods of “Challenge Played” to better indicate engagement level and provide more clarity. Renamed “Language Progress” dashboard as “Quest Progress” in the platform and added “Unique Challenge Played” column in CSVs. (PLATFORM)
UPDATES FOR IE 11 DEPRECATION
- Support for Internet Explorer 11 (IE 11) will be retired by 1st July 2021. For now, we have completely stopped supporting API Missions in IE 11. We recommend that customers consider using an alternative browser to avoid a sub-optimum experience. (PLATFORM)
April 2021
NEW
- Introducing PHP to the platform with 36 challenges. (CONTENT)
- 3 new languages now available to play bonus-level missions in Tournaments including Python, Python:Flask, Java. (CONTENT)
IMPROVEMENTS
- Added more challenges to 3 languages: (CONTENT)
- PHP: Symfony - 51 challenges (▲20).
- Java: Enterprise Edition API - 80 challenges (▲45)
- Pseudocode - 164 challenges (▲15).
- Improved challenge quality: (CONTENT)
- JavaScript:Node.js Express, a popular language on the platform, has undergone content rework, improving the quality of challenges for developers to tackle - 337 challenges.
- JavaScript: Vue.js, content has been realigned to Secure Code Warrior recommended Top 5 categories for front-end languages, providing more relevant content to front-end developers - 43 challenges.
- Improvement and expansion to Course templates: (CONTENT)
- PCI-DSS Course template has been made available to API languages - providing relevant course templates to companies that require courses for API languages.
- C# (.NET):Web API
- GO:API
- Java:Enterprise Edition API
- Java:Spring API
- JavaScript:Node.js API
- Kotlin:Spring API
- Python:API
- Admins will now also be able to download csv-files listing all available content, making them aware of the full breadth and depth of content available to them. The three csv-files (challenges, videos and missions) are available in the administration section under the report tabs. (CONTENT)
- Edit function to published/unpublished courses (applicable only to courses where no developers are enrolled). Course admins will now be able to edit the content of a course that has already been published (or unpublished), this will provide administrators the freedom and flexibility to continue making changes to the course content (add/delete modules and activities) up until course enrollment is opened up for developers. (PLATFORM)
- Changes to the Add/Edit Activity screen in Courses.
- A Checkpoint toggle is now available within the Challenge tab. This will allow the administrator the option to include a checkpoint challenge at setup.
- The order of activities has been updated. Admins will now see Challenges first in this list, improving the setup experience as Challenges are typically the most frequently added activity in a course. (PLATFORM)
- Course progress API endpoint reporting will now include ‘enrolled’ and ‘completed’ dates for Courses. This will allow customers who utilize Reporting APIs to set up the necessary tracking to demonstrate training progress of developers required for compliance purposes (for example PCI-DSS compliance). (PLATFORM)
- Check out the Sensei Product Update - March 2021. Discover the latest improvements to the user experience of Sensei, Secure Code Warrior's IntelliJ plugin and start writing quality code even faster. Learn more here. (SENSEI)
NOTICE OF DEPRECATION
- Support for Internet Explorer 11 (IE 11) will soon be retired. (PLATFORM)
- In preparation for Microsoft’s end-of-support for IE11 the Secure Code Warrior Learning Platform will be retiring support for IE 11 as of 1st July 2021. Until this date, the browser can still be used to access the platform, however, it is recommended that customers consider using an alternative browser as continued use may result in a sub-optimum experience when using the platform.
- Retiring Angular.JS language:framework. (PLATFORM)
- In conjunction with Google and the Angular team’s announcement (three years ago) of their end-of-support for AngularJS from December 31 2021, the Platform will also be retiring Angular.JS language:framework content. Customers currently training on AngularJS are encouraged to transition their program to Angular.io. Further communication will be sent out over the next few months.
March 2021
NEW
- Added auto-send notification for Courses end-date changes. Courses admins can choose to send out email communications to relevant developers when they change the end-date of a published course, making sure developers are well-informed of the changes. (PLATFORM)
- Enabled 4 additional API languages in Missions: (CONTENT)
- C# (.NET): Web API
- Python: API
- PseudoCode: API
- GO: API
IMPROVEMENT
- Added accuracy and confidence data on top of the progress data for Courses leaderboard ranking, providing better insights for program managers to gauge developer skill levels in the team. (PLATFORM)
- Added more challenges to 4 languages: (CONTENT)
- JavaScript: React - 145 challenges (▲25).
- Angular.io (2+) - 133 challenges (▲12).
- C#: Basic - 64 challenges (▲24).
- CloudFormation - 37 challenges (▲1), reaching Course-ready.
- Reworked the first batch of Node.js challenges, keeping the training content fresh and up-to-date. (CONTENT)
- Realigned Angular and React with a new top 5 categories, making the training more focused on front-end vulnerabilities. The new categories are: (CONTENT)
- Cross-site scripting (XSS)
- Vulnerable components
- Unvalidated redirects and forwards
- Information exposure
- Injection flaws
February 2021
NEW
- Enabled PCI-DSS Recommendations course templates for security program managers to align the training more tightly with PCI requirement 6.5. (CONTENT)
- Added Secure Code Warrior Recommendations course templates for developers to receive more up-to-date training on the high-priority vulnerabilities of a language. Compared to OWASP Top 10 templates, these templates include emerging new vulnerabilities and revised priority based on the data we have. (CONTENT)
- Added Intro templates for clients to have a quick and easy experience of a short Course. (CONTENT)
- Supported Typescript in the platform (20 Challenges). (CONTENT)
- Our first iteration of the Sensei Cookbook Index is now available. Developers can find recipes and cookbooks that help them write high quality and secure code right inside the IDE. (SENSEI)
IMPROVEMENTS
- Enabled 4 more languages in Missions, including: (CONTENT)
- 3 API languages: C# API, Pseudocode API, and Python API.
- GO
- Supported Korean in the platform, helping Korean developers who are not used to English material to have more focus on learning instead of translating the content. (CONTENT)
- Added more challenges to 7 languages: (CONTENT)
- Pseudocode - 149 Challenges (▲65).
- Java Spring API - 80 Challenges (▲45).
- C#:Core - 176 Challenges (▲44).
- Python:Flask - 65 Challenges (▲5).
- Python:Basic - 61 Challenges (▲3).
- Kubernetes - 35 Challenges (▲4).
- Terraform - 35 Challenges (▲11).