Thursday, December 3, 2015

Secure Coding Skills Development Features

From the feedback and gameplay data of our Secure Code Warrior platform, we learned that most developers found the challenges really challenging and felt they needed some support or a helpline to advance their skills development. Many realised they might not be as good at secure coding as they expected.

To address this feedback, our team has implemented some exciting features to ensure that users without any security knowledge are able to learn:
  • The “Training Ground”: entry-level missions that focus on one set of vulnerabilities only. Aspiring Secure Code Warriors can start off here and practice on a range of data validation issues like code injection.
Several of our clients have provided us feedback on the requirement to enable developers to train in the topics that are the focus of the classroom training they deliver. This allows developers to apply the teachings of the topics taught in class by completing topic-specific missions consisting of real-world, language-specific challenges. As a result, the “Training Ground” is now available, where users complete missions that focus on single topics or vulnerability categories (e.g. authentication and access control, data handling). These category-based missions expose the user to basic training on the main categories of application security vulnerabilities and set them up for the full game, where they will be confronted with a combination of different vulnerabilities to identify and remediate.

  • A “Hinting” system – Recognising that users may not yet have the skills to answer the questions they are confronted with, and that we need to equip them with these skills, we have implemented a hinting system. Users can learn from the direction provided by the hints that they request:
    1. The first hint will give a general understanding of the problem.
    2. Further hints will give specific assistance by pointing the developer to a specific code block, or removing some wrong answers.
    3. The last hint will almost give the answer completely away.
Obviously, the more hints a user requests, the fewer points will be awarded for the question should they answer it correctly.

  • Response Feedback – Our users have told us that they would like to know more about why they got a question right. We acknowledge that this is again something that can encourage further learning, and as a result we have implemented a feedback system. Users are given an explanation of why their answer to the question is correct.

Bonus - LinkedIn Integration

Players can now demonstrate their level of skill in secure coding by publishing their security maturity level and player statistics on LinkedIn. A unique link will be generated that allows anyone on LinkedIn to view your individual player statistics.