What are Assessments?
Assessments are a powerful tool designed to evaluate developers' understanding of secure coding and application security principles. Our assessment helps organizations measure and improve their teams' security proficiency, ensuring they are equipped to build secure applications from the ground up.
Assessment Categories
Assessments have three categories, each testing a different area of secure coding knowledge.
1. Secure Coding
Our recommendation for your entire developer organization
This category assesses the learner's ability to identify and mitigate code vulnerabilities through multiple-choice code questions targeting specific issues from the OWASP Top 10 and CWE Top 25 across different programming languages.
We feature three types of interactive coding questions in Secure Coding Assessments:
- Identify the line of code that will secure the vulnerable line
- Identify the block of code that creates a vulnerability
- Identify which line of code makes the code vulnerable
Interactive Coding Question Example
Topics Covered
| Concurrency Issues | Incorrect Default Permissions |
| Insecure Design | Security Misconfiguration |
| Software and Data Integrity Failures | Use of Hard-Coded Credentials |
| Integer Overflow or Wraparound | Improper Authentication |
| Code Injection | Injection |
| Security Logging and Monitoring Failures | Risky Cryptographic Algorithms |
| Broken Access Control | Server-Side Request Forgery |
| Vulnerable and Outdated Components |
Languages Supported
- C#
- C++
- Java
- JavaScript
- Pseudocode
- Python
Total Questions in Category
- 15 Questions
2. Core Security Concepts
This category assesses the learner's knowledge of security terminology, foundational topics like data privacy, and the importance of a security-focused organizational culture. All questions are multiple-choice.
Core Security Concepts Example
Topics Covered
| Risk Terminology | Security Triad |
| Data Privacy | Threat Actors |
| Threats | Organization Community |
| Security Champions | Shifting Security |
| Attack Terminology |
Fundamental Terminology |
| Threat Terminology |
|
Total Questions in Category
- 11 Questions
3. Secure Development & Design
This category assesses the learner's knowledge of secure practices across DevSecOps, the Secure Development Lifecycle (SDL), and Threat Modeling, evaluating the ability to integrate security throughout the software development process. All questions are multiple-choice.
Secure Development & Design Question Example
Topics Covered
| Build and Deployment | Information Gathering |
| Culture and Organization | Implementation |
| Test and Verification | Metrics and Reporting |
| Product Security Incident Response Team | Security Best Practices |
| Security Requirements | Security Testing |
| Third-Party Testing | STRIDE |
| Threat Modeling Process |
Total Questions in Category
- 13 Questions