Skip to content
  • There are no suggestions because the search field is empty.

AI Access: Assessment Categories

Explore Security Journey Assessment categories and what each measures to help teams benchmark and improve security knowledge.

What are Assessments?

Assessments are a powerful tool designed to evaluate developers' understanding of secure coding and application security principles. Our assessment helps organizations measure and improve their teams' security proficiency, ensuring they are equipped to build secure applications from the ground up.

Assessment Categories

Assessments have three categories, each testing a different area of secure coding knowledge.

1. Secure Coding

This category assesses the learner's ability to identify and mitigate code vulnerabilities through multiple-choice code questions targeting specific issues from the OWASP Top 10 and CWE Top 25 across different programming languages. ​

We feature three types of interactive coding questions in Secure Coding Assessments:​

  1. Identify the line of code that will secure the vulnerable line ​
  2. Identify the block of code that creates a vulnerability​
  3. Identify which line of code makes the code vulnerable

Note: This is the default and our recommendation for your entire developer organization.

Interactive Coding Question Example

Topics Covered

Concurrency Issues Incorrect Default Permissions
Insecure Design Security Misconfiguration
Software and Data Integrity Failures Use of Hard-Coded Credentials
Integer Overflow or Wraparound Improper Authentication
Code Injection Injection
Security Logging and Monitoring Failures Risky Cryptographic Algorithms
Broken Access Control Server-Side Request Forgery
Vulnerable and Outdated Components  

Languages Supported

  • C#
  • C++
  • Java
  • JavaScript
  • Pseudocode
  • Python

Total Questions in Category

  • 15 Questions

2. Core Security Concepts

This category assesses the learner's knowledge of security terminology, foundational topics like data privacy, and the importance of a security-focused organizational culture.​ All questions are multiple-choice.

Core Security Concepts Question Example

Topics Covered

Risk Terminology Security Triad
Data Privacy Threat Actors
Threats Organization Community
Security Champions Shifting Security
Attack Terminology Fundamental Terminology
Threat Terminology  

Total Questions in Category

  • 11 Questions

3. Secure Development & Design

This category assesses the learner's knowledge of secure practices across DevSecOps, the Secure Development Lifecycle (SDL), and Threat Modeling, evaluating the ability to integrate security throughout the software development process.​ All questions are multiple-choice.

Secure Development & Design Question Example

Topics Covered

Build and Deployment Information Gathering
Culture and Organization Implementation
Test and Verification Metrics and Reporting
Product Security Incident Response Team Security Best Practices
Security Requirements Security Testing
Third-Party Testing STRIDE
Threat Modeling Process  

Total Questions in Category

  • 13 Questions

4. Artificial Intelligence and Large Language Models

This category assesses the learner's knowledge of foundational concepts and advanced attack vectors in contemporary AI/LLM security.

AI and LLM Example Question

Topics Covered

AI/LLM Core Security AI/LLM Training Data and Model Poisioning
AI/LLM Supply Chain Vulnerabilities AI/LLM Vector and Embedded Weaknesses
AI/LLM Prompt Security AI/LLM Sensitive Information Disclosure
AI/LLM Improper Output Handling AI/LLM Excessive Agency
AI/LLM Unbounded Consumption AI/LLM Model Theft
AI/LLM Misinformation  

Total Questions in Category

  • 11 Questions