Contrast Security Joins Forces With Secure Code Warrior to Deliver Secure Development Training for Customers

Integration delivers industry-leading just-in-time security training for developers embedded in Contrast UI, IDE plugins, and Secure Code Warrior Jira plugin

Contrast Security, a leader in modernizing application security, today announced its integration with Secure Code Warrior to deliver the industry's leading just-in-time security contextual micro-learning modules to enhance developers' skills to easily fix vulnerabilities without the need of a security team. Contrast's innovative Security Trace format pinpoints exactly where a vulnerability appears in the code and provides line-of-code insight. The integration then provides just-in-time "how-to-fix" help via micro-videos and interactive contextual courses that are specific to the code that is being fixed or the vulnerabilities found by the Contrast Application Security Platform. 

Over the past year, firms accelerated their digital transformation efforts which, in turn, increased demand for new software applications in virtually every industry. It also placed an immeasurable burden on developers to do more and to do it faster, leading to significant application security challenges, even for modern software development teams. A recent study found 79% of developers are under pressure to shorten release cycles and commit code more quickly. Yet, at the same time, 85% of developers admit their average application has an average of 10 or more vulnerabilities. 

Given these struggles, it is not surprising that 77% of developers expressed a desire to receive more training in application security and potentially assume greater responsibility in the area. Yet, legacy application security testing (AST) solutions offer limited guidance for developers on how to fix vulnerabilities or the depth to provide "line-of-code"-level instructions. Adding more application security staff is not the answer. Beyond the cost of hiring more application security specialists, 75% of organizations report that it is difficult to even find those with the right specialized skill sets they need. If organizations are going to write and release code with fewer vulnerabilities, they must empower their developers to do so. 

Recognizing that traditional security training models simply do not scale and provide developers with the just-in-time training demanded by modern software development life cycle (SDLC), Contrast and Secure Code Warrior have partnered for an industry-leading, just-in-time approach that empowers developers to develop secure coding skills while they write and release code. Secure Code Warrior's contextual micro-learning modules are integrated into the Contrast Application Security Platform to deliver accessible hands-on, bite-sized education that is language- and framework-specific. This provides developers with the right type of skills and knowledge needed to succeed in their day-to-day work. As part of this process, video-based training is embedded in the "How-to-Fix'' sections on the Contrast UI and IDE plugins and via the Secure Code Warrior Jira plugin.

"Developers care about security but struggle due to legacy training approaches that fail to deliver contextually relevant guidance that they need," said Nikesh Shah, Sr. Director of Strategic Alliances at Contrast Security. "We need developers to be security-aware, not security experts, and education and automation are at the foundation for DevSecOps transformation. Just-in-time training within the Contrast platform is immensely more effective — and efficient — than traditional security classroom training that is theoretical rather than practical. The integration between Secure Code Warrior and Contrast enables developers to learn and develop secure coding practices that significantly reduce the number of vulnerabilities introduced into new code. This improves the productivity of developers who are under increasingly greater time pressures while dramatically reducing application risk." 

DevSecOps requires continuous security education, security by design, and security automation. By enabling a culture of security awareness, developers remain agile and a higher, safer standard of software security is possible. Specifically, when security training is engaging and delivered in the languages and frameworks that are actually used, it is a powerful learning experience. Contrast and Secure Code Warrior aim to enable developers to level up their security knowledge and skills while leaving behind boring assessments and tick-the-box training.

"We will never have enough application security specialists to deal with the amount of code being produced. It is time to stop trying to win an impossible game," said Stephen Allor, Head of Partners, Global at Secure Code Warrior. "The integration with Contrast provides the right tools, just-in-time learning, and support to deliver a human approach which shifts culture and behavior to make security an integral part of an organization's DNA. The partnership empowers developers to gain hands-on skills and to learn by doing."

To learn more about the Secure Code Warrior and Contrast integration, please visit the Security Observability virtual meetup and review the blog and solution brief.  

About Secure Code Warrior:

Secure Code Warrior makes secure coding a positive and engaging experience for developers. Our flagship Learning Platform delivers relevant skills-based pathways for developers to write secure code at speed while intelligent and contextual developer tools fix common security bugs in real time. 

Through inspiring a global community of security-conscious developers to embrace a preventative secure coding approach, our mission is to pioneer a people-first solution to security upskilling, stamping out poor coding patterns for good. Established in 2015, our customers include major financial institutions, telcos, retail, governments and global technology companies across Europe, North America and Asia-Pacific.

About Contrast Security:

Contrast Security is the leader in modernizing application security, embedding code analysis and attack prevention directly into software. Contrast's patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. This eliminates the need for expensive infrastructure workloads and specialized security experts. The Contrast Application Security Platform accelerates development cycles, improves efficiencies and cost, and enables rapid scale while protecting applications from known and unknown threats.

Contrast Security
Jacklyn Kellick
[email protected]

Source: Contrast Security


Tags: AppSec, Cybersecurity, Developer, DevOps, Open Source, Secure Code Warrior