Security Journey

Assessments are a powerful tool designed to evaluate developers' understanding of secure coding and application security principles. Our assessment helps organizations measure and improve their teams' security proficiency, ensuring they are equipped to build secure applications from the ground up. ​

Assessments have three categories, each testing a different area of secure coding knowledge. 

*Our recommendation for your entire developer organization*

This category assesses the learner's ability to identify and mitigate code vulnerabilities through multiple-choice code questions targeting specific issues from the OWASP Top 10 and CWE Top 25 across different programming languages. ​

We feature three types of interactive coding questions in Secure Coding Assessments:​

Identify the line of code that will secure the vulnerable line ​

Identify the block of code that creates a vulnerability​

Identify which line of code makes the code vulnerable

1. Identify the line of code that will secure the vulnerable line ​
2. Identify the block of code that creates a vulnerability​
3. Identify which line of code makes the code vulnerable

A screenshot of a computer code

AI-generated content may be incorrect.

- Concurrency Issues
- Incorrect Default Permissions
- Insecure Design
- Security Misconfiguration
- Software and Data Integrity Failures
- Use of Hard-Coded Credentials
- Integer Overflow or Wraparound
- Improper Authentication
- Code Injection
- Injection
- Security Logging and Monitoring Failures
- Risky Cryptographic Algorithms
- Broken Access Control
- Server-Side Request Forgery
- Vulnerable and Outdated Components

- C#
- C++
- Java
- JavaScript
- Pseudocode
- Python

___________________________________________________________

This category assesses the learner's knowledge of security terminology, foundational topics like data privacy, and the importance of a security-focused organizational culture.​ All questions are multiple-choice. 

- Risk Terminology
- Security Triad
- Data Privacy
- Threat Actors
- Threats
- Organization Community
- Security Champions
- Shifting Security
- Attack Terminology
- Fundamental Terminology
- Threat Terminology

3. Secure Development &amp; Design

This category assesses the learner's knowledge of secure practices across DevSecOps, the Secure Development Lifecycle (SDL), and Threat Modeling, evaluating the ability to integrate security throughout the software development process.​ All questions are multiple-choice. 

Secure Development &amp; Design Question Example

- Build and Deployment
- Information Gathering
- Culture and Organization
- Implementation
- Test and Verification
- Metrics and Reporting
- Product Security Incident Response Team
- Security Best Practices
- Security Requirements
- Security Testing
- Third-Party Testing
- STRIDE
- Threat Modeling Process

This article describes the categories in our Assessment feature and what topics each one tests.

What are Assessments?

Assessment Categories

1. Secure Coding

Interactive Coding Question Example

Topics Covered

Languages Supported

Total Questions in Category

2. Core Security Concepts

Core Security Concepts Example

Topics Covered

Total Questions in Category

3. Secure Development & Design

Secure Development & Design Question Example

Topics Covered

Total Questions in Category