Codebashing Release Notes

Codebashing June 2022 Updates

New Lessons

Learn Backend Security in Scala with our newest course.

Find out how improper session handling exposed a serious vulnerability in the open source Zabbix monitoring tool in our latest Hacking Headlines lesson.

New Codebashing Integration - Checkmarx SAST → Custom Courses

Generate custom courses in Codebashing based on the results found in Checkmarx SAST. Ensure your time spent training is aligned to your current challenges.

To get started, find setup instructions in the Codebashing documentation.

Codebashing May 2022 Updates

New Codebashing Integration - Checkmarx One IDE Plugins

Now you can access links to Codebashing lessons while viewing scan results of your code inside your favorite IDE.

Supported IDEs — Visual Studio, VS Code, Eclipse, IntelliJ

To get started, just search the marketplace of your IDE for “Checkmarx” or find links in our knowledge base.

Learn more about Checkmarx One.

Codebashing February 2022 Updates

New Hacking Headlines

Learn about recent vulnerabilities discovered in Log4J and pwnkit from our latest Hacking Headlines lessons. Each lesson covers the affected component, what exploits were possible, and how it was mitigated. Check them out today!

Codebashing January 2022 Updates

Product Highlights:

  • NEW Administrators can enable new permissions for Managers to provide more control of their teams

Content Highlights:

  • NEW Course - IaC Security - Learn how to secure Infrastructure as Code (IaC) platforms

  • NEW Course - PHP: Backend Security Basics

Codebashing December 2021 Updates

Product Highlights:

  • NEW Japanese & Korean options now available as Content Languages — go to Account Settings to select

  • NEW When completing lessons in select courses you'll now be recommended related lessons from Codebashing's catalog to try

  • IMPROVED Tournament Leaderboards now include Team scores when viewing the Results

New Content:

  • NEW PHP Advanced Course

  • NEW Scala now available in Tournaments

Codebashing October 2021 Updates

Product Highlights:

  • NEW Tournaments and Assessments now support international languages (French, Spanish, German, Portuguese)

  • NEW New user attribute "nickname" can be used in leaderboards and tournaments

  • NEW Admin setting to enable Self-Registration of new users with special link - find details to enable here

  • IMPROVED Select a timezone when creating a tournament to help schedule your next event

New Content:

  • IMPROVED Assessments - New questions added for Java, .Net, Python, PHP, Node.js

Codebashing September 2021 Updates

Product Highlights:

  • NEW Dedicated Course dashboard for enrollment and course progress

  • NEW Team and User Leaderboard added to Dashboard

  • NEW Portuguese available for lessons and challenges

  • IMPROVED Broadcast module has been renamed to Communications - more coming soon!

New Content:

  • NEW React Course - Learn about the top vulnerabilities in React-based applications.

Knowledge Base Highlights:

  • Using Codebashing - New section covering all primary features for new users or those needing a refresher

Codebashing July 2021 Updates

Product Highlights:

  • NEW Admin dashboard for enrollment and course progress - see documentation for full details

  • NEW German available for lessons and challenges

  • IMPROVED Leaderboards can now be filtered by team

  • IMPROVED Team completion rates can now be configured to exclude manager's progress

New Content:

  • NEW AppSec for Decision Makers - Language agnostic course for managers, covering key concepts of Application Security, including OWASP Top 10

  • NEW AppSec for QA - Language agnostic course for QA and other non-developer roles, providing an Introduction to Application Security and OWASP Top 10

June 28th, 2021 - New Codebashing update

  • NEW reports format - the existing CSV report was improved with better visibility and more data. You can read more about it here

  • NEW API: inviting users is now available through the API. The API generates the invitation link, which can be used and shared by the creator. You can read about our APIs here

  • NEW PHP framework was added to the tournaments

  • IMPROVED - Draft mode for assessment creation was added. You can use it for saving the unfinished assessment before you publish it to your trainers

New Content:

  • NEW .Net advanced 2

  • NEW Java advanced 2

  • NEW Python advanced 2

April 19th, 2021 - New Codebashing update

  • NEW Tournament statistics for Users - Users can now see both new and old tournaments' statistics using the "see results" button in your Tournament view

  • NEW Spanish Localization is released and now available from your "account settings"

  • IMPROVED – User Deletion - it's now possible to delete users by uploading a CSV file

New Content:

  • NEW – .Net API Security course

  • NEW – Java API Security course

March 4th, 2021 - New Codebashing update

  • NEW Tournament statistics for Admins - Admins can now see both new and old tournaments' statistics using the "see results" button in your Tournament view

  • IMPROVED Tournaments - Adding the ability to skip to the next question (for an admin) and providing a better, gamified experience by providing users with a graphic view of who has already answered the question

  • IMPROVED – Revamping the Users' Dashboard - providing a consolidated view with all the information learners need to track their progress until the full completion of their training!

February 9th, 2021 - New Codebashing update

  • NEW Multilingual support – course language (English, French and soon Spanish) can now be configured by every user, and not at the account level. Great value for customers with global development teams!

  • NEW Tournaments Gamification – participants and admins now get live notifications when other users answer the current question, for a more gamified experience. The tournament admin can also now skip to the next question once all users have answered.

  • NEW Global Assessment – assigning an assessment to all users, even for future users. Very relevant for customers who set the assessment to be the first activity assigned to their developers.

  • IMPROVED – User Deletion feature now also enables deleting users who are not consuming a license (simply for deleting them from the system, lists and reports).

  • IMPROVED – it is now possible to delete a Tournament

January 14th, 2021 - New Codebashing update

  • NEW - Lesson Extensions allowing admins to customize Codebashing lessons

  • NEW - Users Deletion allowing admins to delete users who haven’t used the platform during the recent yearly service for freeing licenses

  • NEW - Just-in-Time training is now available also in Jira, GitHub, GitLab, Azure and more with CxFlow integration

  • NEW - Assessments Shared link – assigning assessments to users is now available via a shareable link for reducing managerial overhead

  • NEW - Tournaments Shared link – inviting users to participate in a tournament via a link for reducing managerial overhead

  • IMPROVED - 500 new questions added to Tournaments, 3 new question types added

  • IMPROVED - It is now possible to create a team without assigning members to it

Notes

Lesson Extensions

In order to address the growing need of our customers to customize their training to fit their organization's challenges and knowledge gaps, and to tailor their training accordingly, we are now supporting Lesson Extensions.

With lesson extensions, you have the ability to customize Codebashing lessons with your own additions. You can add text and links to any step of any lesson in order to:

  • Put higher focus on a topic mentioned in the lesson

  • Share your own specific example

  • Share information that is related specifically to your organization

  • Direct to additional reading materials, to code examples etc.

See /wiki/spaces/CCCD/pages/3054482998 for instructions on how to create lesson extensions

Users Deletion

Although licenses are assigned to specific users for the entire year, we understand that during the year changes do occur, with developers leaving your organization, or changing their roles, and new developers joining.

To adapt to these changes, you can reassign licenses according to specific criteria. Basically, you delete the old users, freeing their licenses, which you can then reassign to new users.

See documentation for instructions on how to delete users

Just-in-Time training into the SDLC

You can now have links to Codebashing lessons added automatically to your tickets in Jira, GitLab, GitHub, Azure and more, using Checkmarx CxFlow integration.

See CxFlow Documentation for instructions

December 6th, 2020 - New Codebashing update

  • Tournaments (NEW!)

  • Custom Course (NEW!)

  • Angular JS course (NEW!)

    • 8 lessons: Sandbox, CSRF, HTML and URL sanitizers and more

    • French localization support

  • Hacking Headlines - 3 new lessons:

    • Apache Unomi

    • Mozilla-Bleach Mutation Cross-Site Scripting (mXSS)

    • Cryptiles

  • 'Export' capability now supported in Challenges leaderboard - for viewing the entire leaderboard ratings

  • SAML integration extended to import user name and role

  • Assigned Lessons: added the ability to cancel lesson assignments

Notes

Tournaments

A Tournament is a live competition where developers compete with their peers to resolve application security (AppSec) related issues and is intended to sharpen developers’ secure coding and vulnerability remediation skills in an engaging and fun way.

See here for Codebashing Tournaments How to get started.pdf and for a short video CB Tournaments v02.mp4

Custom Course

In order to address the growing need of our customers to customize their training to fit their organization's challenges and knowledge gaps, and to tailor their training according to the experience level of their developers, we are now supporting Custom courses.

Custom Course provides you with the ability to create your own course, assembled out of existing Codebashing lessons.

See here for a short video CB Custom Courses.mp4

Hacking Headlines

We frequently hear about hacking incidents in the news. However, the media coverage usually covers only the general details, without going into the technical specifics.

How interesting would it be to fully understand what actually happened there? What was the developer’s mistake that made this hacking possible?

This is exactly the focus of our Hacking Headlines lessons: these short lessons cover a real hacking story, providing the general details but also drilling down to the code, analyzing the issue and teaching how to avoid it.

September 1st, 2020 - New Codebashing update

  • Angular 2+ course (NEW!)

    • Modules supported

      • XSS

      • Components with known vulnerabilities

      • Sensitive data exposure

      • Cross site request forgery

      • Server side validation

    • French support

  • Easier user configuration with a user list export (SSO based environments)

Fixes

  • Unlisted users can access codebashing from CxSAST when automatic registration is turned off

August 3rd, 2020 - New Codebashing update

  • Training pass - an assessment based capability

  • Front end course now supports French

  • Updated team view filters for administrators

Notes

Training pass

Training pass is a new configuration security teams can set for their secure coding assessments.

Based on the knowledge developers demonstrate in their assessment, “Training-pass” allows security teams to reduce or expand the required training.

In case a developer demonstrates the right level of skill (configurable), related training modules will be marked as if the developer had already completed them, thus reducing the overall number of training modules the developer is required to take. On the other hand, in case a developer didn’t demonstrate the right level of skill, “Training pass” will be able to assign the relevant training modules to that developer so they can have another review of the theory and best practices in each specific topic.

April 7th, 2020 - New Codebashing update released - 4.5

What’s New

  • Extended manager functions

    • Managers can broadcast to their team members

    • Managers can assign lessons to their team members

    • Managers can remind their team members to login

    • Managers can view team members across all teams via the "users" page

  • SSO environments can add single users

  • A new and special module for WFH developers!

Notes

Extended manager functions

Organizations can't rely only on their security teams to be the sole gatekeepers. They need their development teams' help in keeping the gates guarded against security attacks, for which partnering with development managers is key. After all, security is everyone's responsibility.

Codebashing's new manager support now allows managers to reel developers into training by reminding them to login, use broadcasts as a communication channel for various security related announcements and even assign training modules to individuals that require it.

GO MANAGERS!

March 24, 2020 - New Codebashing update released - 4.4

What’s New

  • Bulk invitation reminder for administrators

  • Managers as regular team members

  • New Advanced Course in .NET

  • New modules covered in the advanced .NET course

    • SQL Injection

    • Command Injection

    • Second Order SQL Injection

    • Use Of Insufficiently Random Values

    • CSRF

    • SSRF

    • Reflected XSS

    • Stored XSS

    • Path Traversal

    • Session Fixation

Notes

Advanced .NET Course

Codebashing now offers a new type of .NET training that focuses on increasing .NET developers’ proficiency in identifying vulnerabilities in code.

The new code-based lessons can be considered the next step for developers who are looking to extend their security training and for senior developers who are searching for more challenging training formats.

Manager role improvements

Managers can now be attributed as regular team members. We know that some teams include manager users that should be treated as standard users for the sake of assignment completions. You can select the team manager type via the team edit or assign it using the CSV upload mechanism.

March 11, 2020 - New Codebashing update released - 4.3

What’s New

  • Assessments

    • Category and vulnerability rating breakdown

    • Team filtering

    • User and Team assessment assignments

    • Skill improvement trends

    • Assessment scheduling

    • Topic curation

    • Reminders

    • APIs and Data exporting

Notes

Your “secured development skill graph” should always be on the rise. After all, what’s the point of investing in communication, engagement, and training, if all these efforts don’t pay off by reducing your software security exposure overall? To make sure this is the case, you need to keep a close eye on the progress of your development teams using Assessments.

February 11, 2020 - New Codebashing update released - 4.1

What’s New

  • New Advanced Course in JAVA

  • New modules covered in the advanced JAVA course

    • SQL Injection

    • Command Injection

    • Second Order SQL Injection

    • Use Of Insufficiently Random Values

    • CSRF

    • SSRF

    • Reflected XSS

    • Stored XSS

    • Path Traversal

    • Session Fixation

  • Assigned modules are factored in training completion calculations

November 30, 2019 - New Codebashing update released - 3.9.6

What’s New

  • User can belong to multiple teams

  • CSV upload support for multiple teams

  • New module covered in "Backend" courses (Java and .NET)

    • LDAP Injection

October 15, 2019 - New Codebashing update released - 3.9.5

What’s New

  • "Team" support in CSV upload

  • New "summary page"

  • Broadcast can target individual admins and managers

October 7, 2019 - New Codebashing update released - 3.9.4.1

Fixed

  • Links aren't properly redirected to destination after SSO authentication.

September 12, 2019 - New Codebashing update released - 3.9.4

What’s New

  • 2 new "Backend" courses (Java and .NET)

  • New modules covered:

    • Second order SQLi

    • SSRF

    • Unrestricted file upload

    • Password Storage

    • Race condition

    • Encoding vs. Hashing vs. Encryption module

  • Refreshed modules

    • SQLi

    • Command Injection

Notes

Back-end developers need app sec training that keeps their specific use cases in mind. We added support for 5 new vulnerabilities: Second order SQLi, SSRF, unrestricted file upload, plain text password storage. We also refreshed 2 modules, SQLi and Command injection, and added a cryptography primer to further expand on how back-end developers can better design their code to be more secure.

August 7, 2019 - New Codebashing update released - 3.9.2

What’s New

  • Source Code is available across +15 languages, bringing +360 vulnerable vs. remediated code examples

  • Broadcasts can target Teams

  • Broadcasts can be tracked via the activity feed

  • New Broadcast lesson templates

Notes

  • Source Code is available across +15 languages - Java, .NET, Python, C++, PHP, Ruby, Scala, Android, ObjC, JavaScript, Kotlin and more.

  • Communicating at the Team level - Large organizations that require teams to segregate their business units can now create messages specifically for that business unit's security awareness needs. Also available is individual targeting in case there is a need to communicate with a specific group of individuals within the organization, such as "security champions".

  • Broadcast templates - 5 new module templates have been added so it's easier to raise developer awareness of a certain vulnerability. Many more templates are on the way.

July 21, 2019 - New Codebashing update released - 3.9.1

What's new

  • Bulk user upload improvements

  • Broadcast templates

  • Broadcast mobile support

  • Developer team selection

June 26, 2019 - New Codebashing update released - 3.9

What's new

  • Team management is enabled for all customers

  • Exporting team level data

  • Create a team without a manager

  • Updated link to Codebashing's documentation site

  • Broadcasts - a new communication tool for security teams

  • Source code library including 30 remediated examples across .NET and JAVA

  • HTTP Course is now exposed to everyone

June 13, 2019 - New Codebashing update released - 3.8

What's new

  • Team management

    • Build, update or delete your teams

    • Track progress across teams and per team member

    • New user role - Manager

    • Managers can now own multiple teams

    • Managers have their own dashboard view

    • Upload multiple users to a team using a CSV file

    • Bulk primary course assignment upon team creation

    • Completion rate by primary course

    • Allowing admins to track training at the team level. Admins and managers can create teams of developers and assign single or multiple team managers to those teams for optimal training results.

May 13, 2019 - New Codebashing update released - 3.7.2

  • 3 new HTTP Best Practices modules (4/7)

    • Security headers

    • Misused headers

    • GET and POST Requests

  • Bulk user upload - enabling admins to register a group of users.

    Bulk user upload supports user role and primary course definitions accessible to customer admins. It enables an admin who wishes to create multiple users to upload a CSV file with a list of users for creation, while also being able to declare each user's primary course and set each user as admin or regular user.

  • Disable SSO automatic registration - disabling unregistered users from accessing the service when using SSO.

    Disable automatic registration is an improvement to our SSO based login mechanism and is only accessible to the CB support team. Before 3.7.2, the SSO would create a new user in the system if it wasn't already created. That is to make it easier for end users to onboard to the service. Disabling this automated creation of users enables an admin to control who has access to its system by blocking it in CB.

    Best practice is to prevent user access by using the customer IdP.

February 12, 2019 - New Codebashing update released: new lessons - 3.7.1

As part of our ongoing efforts to continuously update and create new content, we added three new modules to our recently launched Front-End Security Basics course:

  1. Reflected XSS

  2. Stored (Persistent) XSS

  3. Cross-Site Request Forgery

December 15, 2018 - New Codebashing update released: new features

With the latest update, the following Codebashing features were released:

  1. Show-me-how tutorials on additional API endpoints were created, describing the API feature that allows for the assignment of lessons to a single user, or a group of users.

  2. The order of courses on the course page can now be changed manually (drag-and-drop) by the tenant admin. For example, the admin can put the most popular courses on top to guide the learning process of developers and mark the desired learning path.

December 15, 2018 - New Course - Front End Security Basics

You asked, and we delivered. Due to many inbound requests from customers for a course that is more “front-end dev centric”, we very recently released just that… our Front End Security Basics.

We also have another exciting new course that will apply to web developers, irrespective of language, due to be released in the not too distant future… check back in soon for more updates.

November 20, 2018 - Assign Lessons - Dashboard View

Previously we updated you on an API endpoint that allows you to assign (tag) lessons to users. We’ve released a front-end wizard allowing you to do this via the management dashboard (you can find this under User Management -> Assigned Lessons).

From that screen, you can assign courses and lessons to specific users, and also track progress completion for any and all users that have been assigned a lesson.

The main use case for this tool is targeted micro-learning for specific users. If you want to automate this based on external events and/or have a large developer population, assignment via API instead of the dashboard is strongly recommended.

September 13, 2018 - Challenges - New Codebashing Training Feature

We have released a new feature to Codebashing - Challenges!

(You'll find it on the top navigation)

Each challenge includes 10 questions, selected randomly from a pool of relevant questions, based on coding language and difficulty level.

You can challenge yourself and see how good you are compared to your peers in the overall challenges leader board and in each specific challenge leader board. Try to beat the high score, but know that it only lasts for 6 months, so you'll have to be on top of things all year long...

This is the first phase out of many for this feature. In this phase we have published a series of basic level challenges, to help you measure your knowledge before and after your AppSec training, on the most fundamental AppSec issues.

We are working on advanced level challenges that will challenge even the experienced developers out there. We will publish them in the next couple of weeks.

June 27, 2018 - Assign Lessons - New Codebashing API

We released a new API for Codebashing – Assigned Lessons.

With this API you have the ability to automatically assign a lesson to a specific user.

A user who has assigned lessons will see their list of assigned lessons on the left side of the Codebashing “My Progress” page (you can access this page via your username dropdown menu on the top-right corner).

Customer Admins will have a new section in which they can view all of these assigned lessons and users in the company, and follow up with them.

The purpose of this API is to help customers solve advanced use-cases around just-in-time learning. Get in touch if you’d like to know more.

June 14, 2018 - OWASP Top 10 Vulnerabilities Coverage - 100%

We have released today a new lesson to all our web courses: "Using Components with Known Vulnerabilities".

With this new lesson we now cover all of OWASP TOP-10 Vulnerabilities.

In this lesson, the need for timely updates of proprietary and third-party code libraries is discussed and explained.

May 24, 2018 - New Codebashing update released: “My Dashboard”

We have released a new feature: “My Dashboard” page for learners.

Top goals of this new Dashboard are:

  • Give learners a quick overview of their learning progress

  • Give learners an opportunity to compare their performance to the performance of other learners in the company

  • Suggest new lesson topics to learners to improve their skills

April 17, 2018 - New Feature: End of Lesson Quizzing

Hello Customer Administrator, today we are very excited to announce an end-of-lesson quiz feature that has been released. Many customers had asked us to enhance the “verification” element of user learning, and we’ve done this by incorporating random quiz questions at the end of certain lessons within each Course Catalogue. Not only this, but we have tied the quiz scoring system into the gamification framework, whereby users are incentivized and rewarded to answer questions correctly or lose valuable points for each incorrect answer. We will be further expanding the quiz bank with direct input from the world-renowned Application Security Research team at Checkmarx! We also have some exciting plans in the works for expanding this feature further over the coming months, stay tuned…

March 21, 2018 - SAML/SSO enhanced capability and custom fields

Hi Customer Admin,

Do you sometimes wish that you could filter your users by their department, their manager, their job function, or similar? Well now you can (as long as you have this data within your Active Directory environment associated with each user!). SAML/SSO integrated customers can now configure up to 5 custom fields from AD, on a self-service basis by visiting your Account Settings page within your Codebashing tenant. Once you’ve done this you will then see those fields within your CSV exports.

If you need more info, contact us at [email protected].

NB: Don’t forget that you will still need to work with your Identity & Access Management to setup the SAML claims rules at the customer-end so that they can be exposed to your Codebashing tenant.

March 12, 2018 - Recent and future updates to CSV export file format

Hello Customer Admin, just a short update to let you know that there has been a minor change to the CSV file format to include a field that shows whether a user is enabled/disabled to make life easier for you. Additionally, within a couple of weeks you will be able to add “custom fields” to your CSV file by making changes to your SSO/SAML integration - if you want to know more about using this capability to improve your training tracking and filtering needs, please email us at [email protected].

March 11, 2018 - Codebashing - Show Me How Feature Updated.

Customer Administrators, this one is for you. In the spirit of making our platform as easy to use as possible for you, we’ve released a further set of “show me how” instructional tours aligned to specific Administrator use-cases within the platform. You can access all of them conveniently from your Admin toolbar. They take about 15-30 seconds each to view, and each has been developed based on the most frequently asked questions we receive from other Customer Administrators.

February 22, 2018 - New Lesson: Insecure Object Deserialization

We've just released another new module into our range of course catalogues, this time focusing on Insecure object deserialization! As always, check in here for the latest lessons, features and updates to Codebashing!

February 13, 2018 - Feature Update: New Awards and Rewards: Additional Badges

As part of our push towards a more game-like training experience for users, we’ve expanded our range of earnable badges! This includes incentives for learners that supply recommendation enrichments that are then available to their colleagues (via the recently released feature we mentioned around users being able to add additional links at the end of lessons to things like internal secure coding standards on an intranet, for example). Don’t forget to check back here frequently for our latest updates.

February 12, 2018 - Feature Update: OWASP, Sans10, CWE reference links for lessons

Within each course landing page we’ve included links to common vulnerability rating systems including: OWASP Top 10, Sans Top 25 and CWE. With this, we aim to provide users with a frame of reference of where certain vulnerabilities fit in to the AppSec landscape, as well as provide further research opportunities to those learners that want it.

January 28, 2018 - New Lesson: Insecure TLS validation

We’ve expanded our range of course content! We’ve listened to our customers and have added a new lesson into our course catalogue covering Insecure TLS validation. Don’t forget to check back for new lessons, features and updates to Codebashing regularly!

December 26, 2017 - Update: New Admin Look

Following on from the revamped UI, the Admin interface has a new look, but what's more, it's the foundation for better charts, widgets and visualisations to come! We've improved the look and feel of the Dashboard components as well as providing better flow to their layout, making it even easier to get an overview of an organisation's Codebashing usage. The Admin sidebar has also been reorganised to provide clearer access to Analytics, User management and Data export functionalities.

November 30, 2017 - Update: Improved Reporting

We've just released an update to the management interface, improving the reporting capabilities within the platform! Firstly, we've given the 'Admin Dashboard' an overhaul, making charts more relevant and improving the flow, giving admins an at-a-glance overview of training progress. Secondly, we've added filtering functionality to the 'Manage All Users' screen, making it easier to manage user groups from within the platform. Check back soon, as we have more improvements due to the management interface over the coming weeks!

November 29, 2017 - New feature: User Enriched Content

Do you have an internal AppSec wiki or secure coding guidelines on your intranet? We have just released our latest feature for “User Enriched Content”, allowing users to add links to additional resources directly into the relevant Codebashing modules. Users are able to access these while playing through Codebashing, and colleagues can up-vote the best resources, helping you get more from your AppSec training activities.

November 24, 2017 - Revamped UI

We have pushed a number of new features into production recently. The most visible of these is our new revamped user interface across our original course catalogues. Not only does this bring them in line with our mobile courses, meaning more navigable and clearer code-walkthroughs, improved interactivity and module summary, but you can also navigate backwards through modules if you need to replay a previous step.

November 15, 2017 - New course released for Go

Hello Codebashing Administrator, we wanted to let you know that our customers ask, and we listen! One of the most frequently requested languages that Codebashing should cover was the Go language.

Today at Codebashing we are pleased to announce the release of our new Go course catalogue of common vulnerabilities and how to prevent them.

We’ve got some very exciting features planned for release in the run up to the end of the year, so don’t forget to login and check the news feed within the software.

October 17, 2017 - Support Address Changed

Hello Codebasher! We just wanted to let you know that for any and all support issues, the new support alias you should use is [email protected]. (ps: in case you missed it, Codebashing was recently acquired by Checkmarx, this is the reason for the change).

October 11, 2017 - Badges Data API

In addition to existing API endpoints admins can now programmatically extract data related to badges users have collected. A range of additional badges that users can collect will be coming soon.

To learn more about the analytics API and how to use it go to the API Credentials page.

August 28, 2017 - New Courses Released for Android and iOS

We are proud to announce the launch of our brand-new Android & iOS courses!

The new mobile course catalogue covers the following languages and frameworks:

  • iOS – Swift and Objective-C

  • Android – Java and Kotlin frameworks

Mobile course modules include the following common vulnerabilities and mitigation techniques:

  • Forceful Browsing

  • Excessive Logging

  • Cached Login Credentials

  • Unprotected Background Screenshots

  • Enable Autocomplete Fields

  • Insecure Local Storage

  • Sensitive Data in PList File

  • Client Side Injection