While the world could always do with more coders, the pandemic has also caused a spike in hackers looking to exploit any weaknesses as more people rely on their devices and the internet for work and leisure. Code security is paramount.
Around 40 missions are currently available, each demonstrating issues that actually impacted the likes of Facebook, WhatsApp, GitHub, and high-profile banks.
For example, the Unicode vulnerability which hit GitHub last year is fully simulated. Developers can see and solve the vulnerability in a safe environment.
Pieter Danhieux, Co-Founder and CEO of Secure Code Warrior, said:
“Missions is like a flight simulator for coders. Just like a pilot who needs to continually train to keep flying, Missions offers practical applications of live code in a hyper-relevant environment designed to encourage coders to understand attacks, practice and perfect their secure coding skills and knowledge.
We’re levelling up our existing offerings in a logical fashion and creating a progressive, scaffolded approach to building skills. It helps developers move from merely recalling knowledge to systematically building upon their experiences and skillset in real-time, fostering valuable secure coding skills that are job-relevant and allowing coders to experience the impact of insecure code first hand, in a safe environment.”
Seven language frameworks are supported:
- C#(.NET):Web Forms
- Java:Enterprise Edition (JSP)
Colin Domoney, a UK security expert who has trialled Missions over the past fortnight, commented: “During my time as an AppSec Manager at Deutsche Bank, one of my biggest challenges was demonstrating to development teams the very real threats coding flaws represented to the business.”
“Missions makes it easy to demonstrate how code can be compromised—a developer can view an app’s browser window and code on a single screen, they’re shown how an attacker could exploit vulnerabilities, and then do the exploit first-hand. I wish I’d had this several years ago.”
A demo of Missions is available here (no signup required)