Menu

    Adding Coding Labs to Courses

    Avatar
    Secure Code Warrior Elves
    • Updated
    Follow


    Coding Labs helps developers advance their secure coding skills through hands-on training with intuitive feedback.     Developers can advance their secure coding skills in a one-of-a-kind fully powered in-browser IDE. When Coding Labs are added to Courses, developers are given the opportunity to practice the knowledge they have gained during the course.

     

    To add a Coding Lab to a Course

    Labs are available in: (additional languages in development)

    1. C Embedded
    2. C# (.Net) Core
    3. C# (.Net) Web API
    4. C++ Basic 
    5. Java Enterprise Edition (Basic)
    6. Java:Enterprise Edition API
    7. Java Spring
    8. Java Spring API
    9. Javascript Node.js (Express)
    10. JavaScript React
    11. Python Basic 
    12. Python Django
    13. TypeScript Node.js(Express)
    14. TypeScript React
    15. Terraform AWS

    Coding Labs are available in the following templates for either all or some of the languages listed above:

    1. Introductory Course
    2. Introduction to OWASP Top 10 Awareness (with latest updates from the Web top 10 2021)
    3. In-depth OWASP Top 10 Awareness (with latest updates from the Web top 10 2021)
    4. PCI DSS v4.0 Recommendations
    5. Secure Code Warrior Recommendations
    6. Security Measures for "EO-Critical Software" Use Under Executive Order (EO) 14028
    7. Certification Programme level 1 - OWASP 1-5
    8. Certification Programme level 2 - OWASP 6-10
    9. OWASP Top 10 2017 Awareness
    10. Storyline OWASP TOP 10 2021
    11. PCI DSS v3.2.1 Recommendations

    Step 1

    Create a new course and add a supported language, or;

    Edit an existing course that already contains a supported language, or;

    Edit an existing course and add a supported language.

    Step 2

    Select Course Content and then select a course module that contains content related to one of the supported  vulnerabilities:

    1. Access Control: Missing Function Level Access Control
    2. Access Control: Missing Object Level Access Control
    3. Authentication: Insufficient Anti-Automation
    4. Authentication: Improper Authentication
    5. Authentication: Insecure Password Reset Function
    6. Authentication: Use of Single-factor Authentication
    7. Authentication: Insufficiently Protected Credentials
    8. Business Logic: Insufficient Validation
    9. Business Logic: Logical Error
    10. Cross-Site Scripting (XSS): DOM-Based Cross-Site Scripting
    11. Cross-Site Scripting (XSS): Stored Cross-Site Scripting
    12. File Upload Vulnerability: Unrestricted File Upload
    13. Information Exposure: Sensitive Data Exposure
    14. Injection Flaws: Deserialization of Untrusted Data
    15. Injection Flaws: LDAP Injection
    16. Injection Flaws: OS Command Injection
    17. Injection Flaws: Path Traversal
    18. Injection Flaws: SQL injection
    19. Insecure Cryptography: Insecure Randomness
    20. Insecure Cryptography: Weak Algorithm Use
    21. Insufficient Logging and Monitoring: Insufficient Logging and Monitoring
    22. Insufficient Transport Layer Protection: Unprotected Transport of Sensitive Information
    23. Insufficient Transport Layer Protection: Weak Algorithm or Protocol Use
    24. Lack of Resources & Rate Limiting: Lack of Resources & Rate Limiting
    25. Mass Assignment: Mass Assignment
    26. Memory Corruption: Buffer Overflow
    27. Memory Corruption: Double Free
    28. Memory Corruption: Format String Vulnerabilities
    29. Memory Corruption: Integer Overflow
    30. Memory Corruption: Use After Free
    31. Memory Corruption: Type Confusion
    32. Security Misconfiguration: Disabled Security Features
    33. Security Misconfiguration: Improper or Missing HTTP Headers
    34. Security Misconfiguration Information Exposure
    35. Security Misconfiguration: Improper Permissions
    36. Sensitive Data Storage: Plain Text Storage of Passwords
    37. Sensitive Data Storage: Plain Text Storage of Sensitive Information
    38. Server-Side Request Forgery: Server-Side Request Forgery (SSRF)
    39. Unvalidated Redirects and Forwards: Unvalidated Redirects and Forwards
    40. Vulnerable Components: Using Components From Untrusted Source
    41. Vulnerable Components: Using Known Vulnerable Components
    42. XML External Entities (XXE): XML External Entities (XXE)


    Step 3

    Select the ellipsis next to the right of the module name and select Add activity

    Add Coding Lab - E - 1.png

     

    Step 4

    Select Coding lab and then select the required Category and Subcategory

     

    Add Coding Lab - E - 2.png

    Step 5

    Select Apply changes. The selected Coding Lab will be added to the module.

     

    Add Coding Lab - E - 3.png

     

     

    Related Links:

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.