New Hands-On Veracode Security Labs Helps Developers Tackle Vulnerabilities in a Real-World Environment

Experience Veracode Security Labs to see how developers can grow and apply their AppSec skills by visiting Veracode at booth N #5553 at RSA 2020

BURLINGTON, Mass. – Feb. 20, 2020 – Veracode, the largest independent global provider of application security testing (AST) solutions, today announced Veracode Security Labs which teaches secure coding practices through interactive web apps based on modern threats that developers exploit and patch. The labs-based approach to developer enablement can improve time to resolve flaws and help developers avoid flaws altogether, improving skills and overall awareness of secure coding practices.

Veracode Security Labs is a new module within the Veracode Developer Enablement product family which includes rich programs and eLearning tools that aim to engage developers with practical training. Veracode Security Labs teaches modern secure coding techniques through guided, interactive online exercises that train developers to tackle modern threats. It teaches AppSec skills through hands-on experience using examples taken from real-world exploits to ensure developers can apply new skills immediately. In January 2020, Veracode acquired the technology behind Security Labs from Hunter2. The new offering is immediately available to customers.

“[This program] provides an interactive, web-based experience for engineers where they get to use a code editor, interact with a real Linux server, and real application stacks. The platform enables guided lessons that help engineers understand vulnerability classes, exploit them, and most importantly…patch the issues,” said Mark Stanislav, Head of Application Security, Duo Security at Cisco[1]. “Our team chose this platform for not just the level of interaction engineers have, but because unlike other offerings the labs it comes with are not the end of the road -- we could bring our own lessons, too. That’s a critical feature for our team that enables us to cater specifically to our engineers’ needs and also to keep pace with application security trends more readily.”

Using Veracode Security Labs, companies can create customized labs that are relevant to their tech stack and business objectives. The training uses web apps written in an organization’s chosen languages, so the skills and strategies learned are directly applicable to the organization's environment. Developers can continue to level up their secure coding skills with progress reporting, new assignments, and a leaderboard within the tool.

“Research shows that developers often outnumber security professionals 100 to one, so when development teams are empowered to fix flaws and code securely, AppSec programs scale,” said Ian McLeod, Chief Product Officer, Veracode. “Veracode Security Labs engages and actively teaches developers by giving them a contained space to work with real code, and demonstrates how to avoid flaws that have led to some of the headline-making vulnerabilities of the last few years. With this approach, in as little as five to 10 minutes, developers can learn new skills and deliver secure code on time.”

Security teams often don't have the bandwidth or expertise to teach security skills to large teams of developers in their organization. The result is an ever-growing mountain of security debt. With Veracode Developer Enablement, development teams can leverage Security Labs, eLearning, and training tools, and an array of other security expertise and guidance and the Veracode Community for peer input.

Visit Veracode at RSA 2020 at booth N #5553 for a demo of Veracode Security Labs and to learn more about the industry’s most complete SaaS platform for DevSecOps. Talk with our experts and follow us on Twitter at @Veracode to enter a Twitter raffle during RSA for a chance to win great prizes.