Additional Info

Company size (employees)8


Secure Code Warrior was born when a small group of cyber security professionals built a company around the idea that a new approach was needed in software development cyber security. The team have seen the cost associated with fixing vulnerable code first hand, making them passionate about equipping developers with the skills necessary to prevent software security flaws from being introduced in the first place.

In about 9 months, Secure Code Warrior has developed a new and innovative web-based corporate education platform where software developers use hands-on learning to build their secure-coding skills. Developers build vulnerability pattern recognition memory by working on sequentially more difficult challenges containing code with real vulnerabilities. Building this security muscle memory means that they’re better equipped to recognise vulnerability patterns in real work projects.

The gamified nature of the platform provides benchmarking through a challenge environment to keep developers engaged – using Leader Boards and a Developer Maturity Model. We’ve seen that many developers actually continue the training on their own time just to prove they’re the best. We have built in a total of an impressive 2000 challenges in 8 different application frameworks (JAVA Spring, JAVA Struts, JAVA JSP/J2EE, C# .NET WebForms, Ruby on Rails, Android JAVA, Objective c).

From a business perspective, executives are able to see the learning progress of their development team(s) including their secure code strength and weakness areas, but also allowing them to evaluate offshored and external development teams. For the first time there is a live data-driven evaluation of an individual developer’s true secure code writing ability. Several financial institutions in Europe and Australia have (early) adopted this platform to ensure their external suppliers have a minimum baseline in secure coding and to better enable developers to review and fix their own code before submitting.

How we are different

• Security begins and ends with the developer. They write the code, and if there are vulnerabilities found during the testing or review phases, they have to fix the code. The Secure Code Warrior platform addresses the root cause of security vulnerabilities in applications by educating developers on how to apply secure coding techniques. We teach developers to not only identify but also remediate vulnerabilities in application code in a gamified manner, which moves away from the traditional in class training and appeals to the gaming mentality of developers by providing a competitive element.

• Designed by professional developers and IT security experts, our learning activities align with industry standards, including the OWASP Top 10 Application Security Weaknesses. Developers can apply or improve their secure coding skills by playing in the language framework(s) they’re familiar with.

• Secure Code Warrior are not coming up with high-tech artificial intelligence rocket science or with the latest end-points pro-active immunisation techniques to stop malware. No, Secure Code Warrior tries to address a worldwide gap in our education systems around secure coding. It is not acceptable that multiple companies get hacked by SQL injections in 2016 while this software weakness (and its solutions) have been known since 1998. Secure Code Warrior have teamed up with universities in Australia (at no cost) to help to educate software engineering students in secure coding techniques before they go out into the corporate world and are tasked with building real world applications. They want to be able to do this for every university worldwide and help every commercial enterprise to avoid costly mistakes.