Security Journey

Assessments is a powerful tool designed to evaluate developers' understanding of secure coding and application security principles. Our assessment helps organizations measure and improve their teams' security proficiency, ensuring they are equipped to build secure applications from the ground up.

Our Assessments test developers' knowledge in key security areas. These assessments allow you to: 

Establish a security knowledge baseline​

- You can learn more about developers’ current skills, highlight strengths and weaknesses, and use this information to implement targeted training programs. 

Identify gaps in secure coding practices, secure development methodologies, and core security concepts.​

Offer a streamlined training experience by allowing developers to test out of content they already know.​

- Establish a security knowledge baseline​
  - You can learn more about developers’ current skills, highlight strengths and weaknesses, and use this information to implement targeted training programs. 
- Identify gaps in secure coding practices, secure development methodologies, and core security concepts.​
- Offer a streamlined training experience by allowing developers to test out of content they already know.​

___________________________________________________________

We currently offer three assessment categories. You can choose to assess developers on any or all the following categories:

Our recommendation for your entire developer organization​

Targets specific issues from OWASP Top 10 and CWE Top 25

Available languages include: C#, JavaScript, Python, Pseudocode, C++ and Java

Includes interactive multiple-choice questions where developers select the correct code block, identify vulnerabilities, or determine the best remediation.

- Our recommendation for your entire developer organization​
- Targets specific issues from OWASP Top 10 and CWE Top 25
- Available languages include: C#, JavaScript, Python, Pseudocode, C++ and Java
- Includes interactive multiple-choice questions where developers select the correct code block, identify vulnerabilities, or determine the best remediation.

Focuses on DevSecOps principles, the Secure Development Lifecycle, and Threat Modeling

- Focuses on DevSecOps principles, the Secure Development Lifecycle, and Threat Modeling
- Multiple Choice​

Secure Development &amp; Design​

Evaluates knowledge of fundamental security terms, principles, and organizational security culture

- Evaluates knowledge of fundamental security terms, principles, and organizational security culture
- Multiple Choice

For a deep dive into our Assessment types with example questions and topics covered check out <a href="http://help.securityjourney.com/en/articles/10535947-assessment-categories">Assessment Categories</a>.

<a href="http://help.securityjourney.com/en/articles/10535939-how-to-create-an-assessment">How to create an assessment</a>

<a href="http://help.securityjourney.com/en/articles/10536259-assessment-notifications">Assessment Notifications</a>

<a href="http://help.securityjourney.com/en/articles/10535963-reporting-assessments">Reporting</a>

<a href="https://intercom.help/securityjourney/en/articles/10536072-assessment-faqs" rel="nofollow noopener noreferrer" target="_blank">Assessment FAQs</a>

<a href="https://help.securityjourney.com/en/articles/10744240-choosing-content-after-an-assessment" rel="nofollow noopener noreferrer" target="_blank">How to choose content to assign after you complete an assessment</a>

This article describes our Assessment feature, best practices, setup and configuration.

What are Assessments?

Key Features and Benefits

Assessment Categories

Secure Coding

Core Security Concepts

Secure Development & Design

Setup and Configuration

Post-Assessment Recommendations