Codebashing Release Notes

New Codebashing Integration - Checkmarx One IDE Plugins

Now you can access links to Codebashing lessons while viewing scan results of your code inside your favorite IDE.

Supported IDEs — Visual Studio, VS Code, Eclipse, IntelliJ

To get started, just search the marketplace of your IDE for “Checkmarx” or find links in our knowledge base.

Learn more about Checkmarx One.

New Hacking Headlines

Learn about recent vulnerabilities discovered in Log4J and pwnkit from our latest Hacking Headlines lessons. Each lesson covers the affected component, what exploits were possible, and how it was mitigated. Check them out today!

Product Highlights:

Content Highlights:

Product Highlights:

New Content:

Product Highlights:

New Content:

Product Highlights:

New Content:

Knowledge Base Highlights:

Product Highlights:

New Content:

New Content:

New Content:

Fixes

Notes

Training pass

Training pass is a new configuration security teams can set for their secure coding assessments.

Based on the knowledge developers demonstrate with in their assessment, “Training-pass“ allows security teams to reduce or expand the required training.

In case a developer demonstrates the right level of skill (configurable), related training modules will be marked as if the developer had already completed those, thus reducing the overall number of training modules the developer is require to take. On the other hand, In case a developer didn’t demonstrate the right level of skill, “Training pass” will be able to assign the relevant training modules for that developer so it could have another review on the theory and best practices in each specific topic.

What’s New

Notes

Extended manager functions

Organizations can't rely only on their security teams to be the sole gatekeepers. They need their development teams' help in keeping its gates guarded against security attacks which partenering with development managers is key. After all security is everyone's responsibility.

Codebashing's new manager support now allows managers to reel developers into training by reminding them to login, use broadcasts as a communication channel for various security related announcements and even assign training modules to individuals that require it.

GO MANAGERS!

What’s New

Notes

Advanced .NET Course

Codebashing now offers a new type of .NET training that focuses on increasing .NET developers’ proficiency in identifying vulnerabilities in code.

The new code based lessons, can be considered as the next step for developers that are looking to extend their security training and for senior developers that search for more challenging training formats.

Manager role improvements

Managers can now be attributed as regular team members. We know that some teams include manager users that should be treated as standard users for the sake of assignment completions. You can select the team manager type via the team edit or assign it using the CSV upload mechanism.

What’s New

Notes

Your “secured development skill graph” should always be on the rise. After all, what’s the point of investing in communication, engagement, and training, if all these efforts don’t pay off by reducing your software security exposure overall. To make sure this is the case, you need to keep a close eye on the progress of your development teams using Assessments.

What’s New

What’s New

What’s New

Fixed

What’s New

Notes

Back-end developers need app sec training that takes their specific use cases in mind. We added support for 5 new vulnerabilities: Second order SQLi, SSRF, unrestricted file upload, plain text password storage, and also refreshed 2 modules: SQLi and Command injection and added a cryptography primer to further expand on how back-end developers can better design their code to be more secure.

What’s New

Notes

What's new

What's new

What's new

As part of our ongoing efforts to continuously update and create new content, we added three new modules to our recently launched Front-End Security Basics course:

With the latest update, the following Codebashing features were released:

You asked, and we delivered. Due to many inbound requests from customers for a course that is more “front-end dev centric”, we very recently released just that… our Front End Security Basics.

We also have another exciting new course that will apply to web developers, irrespective of language, due to be released in the not too distant future… check back in soon for more updates.

Previously we updated you on an API endpoint that allows you to assign (tag) lessons to users. We’ve released a front-end wizard allowing you to do this via the management dashboard (you can find this under User Management -> Assigned Lessons).

From that screen, you can assign courses and lessons to specific users, and also track progress completion for any and all users that have been assigned a lesson.

The main use case for this tool is targeted micro-learning for specific users. If you want to automate this based on external events and/or have a large developer population, assignment via API instead of the dashboard is strongly recommended.

We have released a new feature to Codebashing - Challenges!

(You'll find it on the top navigation)

Each challenge includes 10 questions, selected randomly from a of pool of relevant questions, based on coding language, and difficulty level.

You can challenge yourself and see how good you are compared to your peers in the overall challenges leader board and in each specific challenge leader board. Try to beat the high score, but know that it only lasts for 6 months, so be you'll have to be on top of things all year long...

This is the first phase out of many for this feature. In this phase we have published a series of basic level challenges, to help you measure your knowledge before and after your AppSec training, on the most fundamental AppSec issues.

We are working on advanced level challenges for you, that will challenge even the experienced developers out there, we will publish them in the next couple of weeks.

We released a new API for Codebashing – Assigned Lessons.

With this API you have the ability to automatically assign a lesson to a specific user.

A user who has assigned lessons, will see his list of assigned lessons on the left side of Codebashing “My Progress” page (You can access this page via your username dropdown menu on the top-right corner).

Customer Admin’s will have a new section in which they view all of these assigned lessons & users in the company, and follow up with them.

This purpose of this API is to help customers solve advanced use-cases around just-in-time learning, get in touch if you’d like to know more.

We have released today a new lesson to all our web courses: "Using Components with Known Vulnerabilities".

With this new lesson we now cover all of OWASP TOP-10 Vulnerabilities.

In this lesson, the need for timely updates of proprietary and third-party code libraries is discusses and explained.

We have released a new feature: “My Dashboard” page for learners.

Top goals of this new Dashboard are:

Hello Customer Administrator, today we are very excited to announce an end-of-lesson quiz feature that has been released. Many customers had asked us to enhance the “verification” element of user learning, and we’ve done this by incorporating random quiz questions at the end of certain lessons within each Course Catalogue. Not only this, but we have tied the quiz scoring system into the gamification framework, whereby users are incentivized and rewarded to answer questions correctly or lose valuable points for each incorrect answer. We will be further expanding the quiz bank with direct input from the world-renowned Application Security Research team at Checkmarx! We also have some exciting plans in the works for expanding this feature further over the coming months, stay tuned…

Hi Customer Admin,

Do you sometimes wish that you could filter your users by their department, their manager, their job function, or similar? Well now you can (as long as you have this data within your Active Directory environment associated with each user!). SAML/SSO integrated customers can now configure up to 5 custom fields from AD, on a self-service basis by visiting your Account Settings page within your Codebashing tenant. Once you’ve done this you will then see those fields within your CSV exports.

If you need more info, contact us at [email protected].

NB: Don’t forget that you will still need to work with your Identity & Access Management to setup the SAML claims rules at the customer-end so that they can be exposed to your Codebashing tenant.

Hello Customer Admin, just a short update to let you know that there has been a minor change to the CSV file format to include a field that shows whether a user is enabled/disabled to make life easier for you. Additionally, within a couple of weeks you will be able to add “custom fields” to your CSV file by making changes to your SSO/SAML integration - if you want to know more about using this capability to improve your training tracking and filtering needs, please email us a [email protected].

Customer Administrators, this one is for you. In the spirit of making our platform as easy to use as possible for you, we’ve released a further set of “show me how” instructional tours aligned to specific Administrator use-cases within the platform. You can access all of them conveniently from your Admin toolbar. They take about 15-30 seconds to each to view, and each has been developed based on the most frequently asked question we receive from other Customer Administrators.

We've just released another new module into our range of course catalogues, this time focusing on Insecure object deserialization! As always, check in here for the latest lessons, features and updates to Codebashing!

As part of our push towards a more game-like training experience for users, we’ve expanded our range of earnable badges! Don’t forget to check back here frequently for our latest updates. Including incentives for learners that supply recommendation enrichments that are then available to their colleagues (via the recently released feature we mentioned around users being able to add additional links at the end of lessons to things like internal secure coding standards on an intranet, for example).

To within each course landing page we’ve included links to common vulnerability rating systems including: OWASP Top 10, Sans Top 25 and CWE. With this, we aim to provide users with a frame of reference of where certain vulnerabilities fit in to the AppSec landscape, as well as provide further research opportunities to those learners that want it.

We’ve expanded our range of course content! We’ve listened to to our customers and have added a new lesson into our course catalogue covering Insecure TLS validation. Don’t forget to check back for new lessons, features and updates to Codebashing regularly!

Following on from the revamped UI, the Admin interface has a new look, but whats more its the foundations for better charts, widgets and visualisations to come! We've improved the look and feel of the Dashboard components as well as providing better flow to their layout, making it even easier to get an overview of organisations Codebashing usage. The Admin sidebar has also been reorganised to provide clearer access to Analytics, User management and Data export functionalities.

We've just released an update to the management interface, improving the reporting capabilities within the platform! Firstly, we've given the 'Admin Dashboard' an overhaul, making charts more relevant and improving the flow, giving admins an at-a-glance overview of training progress. Secondly, we've add filtering functionality to the 'Manage All Users' screen, making it easier manage user groups from within the platform. Check back soon, as we have more improvements due to the management interface over the coming weeks!

Do you have an internal AppSec wiki or secure coding guidelines on your intranet? We have just released our latest feature for “User Enriched Content”, allowing users to add links to additional resources directly into the relevant Codebashing modules. Users are able to access these while playing though Codebashing, colleagues can up-vote the best resources, helping you get more from your AppSec training activities.

We have pushed a number of new features into production recently, most visible of these is our new revamped user interface across our original course catalogues. Not only does this bring them inline with our mobile courses, meaning more navigable and clearer code-walkthroughs, improved interactivity and module summary, but you can also navigate backwards through modules if you need to replay a previous step.

Hello Codebashing Administrator, we wanted to let you know that our customers ask, and we listen! One of the most frequently requested languages that Codebashing should cover was the Go language.

Today at Codebashing we are pleased to announce the release of our new Go course catalogue of common vulnerabilities and how to prevent them.

We’ve got some very exciting features planned for release in the run up to the end of the year, so don’t forget to login and check the news feed within the software.

Hello Codebasher! We just wanted to let you know that for any and all support issues, the new support alias you should use is [email protected]. (ps: in case you missed it, Codebashing was recently acquired by Checkmarx, this is the reason for the change).

In addition to existing API endpoints admins can now programmatically extract data related to badges users have collected. A range of additional badges that users can collect will be coming soon.

To learn more about the analytics API and how to use it go to the API Credentials page.

We are proud to announce the launch of our brand-new Android & iOS courses!

The new mobile course catalogue covers the following languages and frameworks:

Mobile course modules include the following common vulnerabilities and mitigation techniques: