New
New Course Templates:
- OWASP Top 10 for Large Language Model (LLM) Applications
We now have 10 new Guidelines covering the OWASP LLM Top 10 and 3 new Walkthroughs, all available in Pseudocode: Web. Developer and non-developer learners working on LLM projects may all benefit from this content.
These Walkthroughs leverage real LLM backends, allowing learners to better understand the impacts of these vulnerabilities.
Guidelines:
- Direct Prompt Injection
- Insecure Output Handling
- Training Data Poisoning
- Model Denial of Service
- Supply Chain Vulnerabilities
- Sensitive Information Disclosure
- Insecure Plugin Design
- Excessive Agency
- Over-Reliance
- Model Theft
Walkthroughs:
- Direct Prompt Injection
- Insecure Output Handling
- Excessive Agency
Security Foundations
In addition to the new course template on LLMs, we've introduced course templates on the following foundational security topics:
- Foundations of Software Security: This course introduces and provides an overview of Software Security concepts, including the Software Security Initiative (SSI), the Software Development Life Cycle (SDLC) and SSDLC, application security testing, and secure code reviews.
- Threat Modelling: This course introduces and provides an overview of threat modelling, covering all its methodologies and offering an in-depth analysis of a threat model for a banking application.
- Open Source Software: This course introduces open source software and covers an overview of the OWASP Top 10 Risks for open source software, case studies on CVE-2021-44228 and CVE-2024-3094, and managing open-source software risk.
- Security Requirements: This course focuses on introducing software security requirements, methodologies for requirements gathering, writing security requirements, and verifying these requirements.
- CERT Recommendations: This course focuses on the CERT Standard for secure coding practices, supported in C++.
New Reports are now Generally Available
We have built four new reports in the Metrics section to enable Admins to measure the progress and impact of their secure coding learning program. The reports provide insights for Courses, Assessments, Programs, and Tournaments.
- Reporting API is now available
We have made our new Reporting API publicly available! This will allow you to pull through the same data from any of the reports in the Metrics section of Secure Code Warrior to your own tools for further analysis or visualisation.
- Trust Score insights: Team Leaderboard and Learner List
We're continuing to add to the Trust Score insights report in the Metrics section, with two additional data views: your list of all Learners including their learner Skill Level, and your Team Leaderboard.
Challenges in Explore
It is now possible to search for (and play) Challenges via the Explore page. Missions, Walkthroughs, and Guidelines are coming soon!
Inactive User Reminders
This new feature will send a personalised recommendation to users who have not logged in for over three months, suggesting that they solve a coding lab of their choice in a recommended topic. If users do not log in, they will receive monthly reminders afterwards.
Company admins have the ability to enable or disable this feature in company preferences.
In Preview
Quests is here!
We have launched the first version of a new module called "Quests".
Each language-specific Quest gives the learner all the learning they need to be a secure developer in their chosen language(s). It is designed to provide a clear learning path and flexibility on what to do next. It includes a structured list of topics, with various activities including videos, guidelines, challenges, walkthroughs and coding labs.
We have also added the option (in Preview) to disable the navigation to the Training module from the main navigation.