Bugcrowd and Secure Code Warrior have worked together to map the Vulnerability Rating Taxonomy (VRT) to Secure Code Warrior training. This gives developers and security teams a standardised way to reach hands-on secure coding exercises in a wide variety of programming languages, using a simple JSON file that maps each VRT category to a training URL. This mapping is periodically updated together with the VRT.
Bugcrowd have also released this VRT Ruby Wrapper to provide an easy way to handle VRT logic and query the VRT. By using it in combination with the Secure Code Warrior mapping file, remediation training links can be obtained based on the findings identified in a bug bounty or penetration test. On 29 June 2021, Bugcrowd updated the VRT Ruby Wrapper to support third-party links such as the Secure Code Warrior mappings. The following example shows how a Secure Code Warrior training link can be obtained based on a VRT ID:
require 'vrt'

# Look up the VRT node by its ID and read its Secure Code Warrior link.
VRT.find_node(
  vrt_id: 'server_security_misconfiguration.unsafe_cross_origin_resource_sharing'
).third_party_links[:scw]
# => "https://integration-api.securecodewarrior.com/api/v1/trial?id=bugcrowd&mappingList=vrt&mappingKey=server_security_misconfiguration:unsafe_cross_origin_resource_sharing&redirect=true"
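When VRT IDs come from tool output or imported reports, it helps to validate both the ID and any training link before showing the link to a developer. The following is an added example, not code from Bugcrowd or Secure Code Warrior; the helper names, the VRT ID pattern and the assumption that every link follows the layout of the single example URL above are this example's own.

```ruby
require 'uri'

# Assumptions: host, path and query layout are copied from the one example
# link on this page; the ID grammar (1-3 dot-separated parts) is inferred.
SCW_HOST = 'integration-api.securecodewarrior.com'
SCW_PATH = '/api/v1/trial'
VRT_ID   = /\A[a-z0-9_]+(?:\.[a-z0-9_]+){0,2}\z/

# Build a training link from a VRT ID, rejecting anything that is not a
# well-formed ID so report fields never reach the URL unchecked.
def scw_link_for(vrt_id)
  id = vrt_id.to_s
  raise ArgumentError, "malformed VRT ID: #{id.inspect}" unless VRT_ID.match?(id)

  key = id.tr('.', ':') # the VRT separates levels with '.', mappingKey with ':'
  "https://#{SCW_HOST}#{SCW_PATH}?id=bugcrowd&mappingList=vrt&mappingKey=#{key}&redirect=true"
end

# Check a link (for example one read from a mapping file) before displaying
# it: HTTPS only, expected host and path, and a mappingKey that converts back
# to a valid VRT ID. Returns the VRT ID, or nil if any check fails.
def vrt_id_from_scw_link(link)
  uri = URI.parse(link.to_s)
  return nil unless uri.is_a?(URI::HTTPS) && uri.host == SCW_HOST && uri.path == SCW_PATH

  params = URI.decode_www_form(uri.query.to_s).to_h
  return nil unless params['mappingList'] == 'vrt'

  id = params['mappingKey'].to_s.tr(':', '.')
  VRT_ID.match?(id) ? id : nil
rescue URI::InvalidURIError, ArgumentError
  nil
end

# Constructed sample findings: the first uses the VRT ID from this page, the
# second carries a display label where an ID was expected.
SAMPLE_FINDINGS = [
  { title: 'CORS finding', vrt_id: 'server_security_misconfiguration.unsafe_cross_origin_resource_sharing' },
  { title: 'constructed malformed ID', vrt_id: 'Server Security Misconfiguration > CORS' }
].freeze

# Map each finding title to its training link, or nil when the ID is rejected.
def links_for(findings)
  findings.to_h { |f| [f[:title], (scw_link_for(f[:vrt_id]) rescue nil)] }
end
```
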