HackEDU: on-demand secure development training

 

HackEDU offers interactive training for effective secure development, based on the active involvement of developers to reduce the risk of vulnerabilities in code.

With HackEDU’s interactive training, developers improve their ability to write secure software and increase their understanding of how software is hacked.

HackEDU training is different in that it focuses on offensive security, which is more interesting than defensive training alone and draws on developers' interest in problem solving.

Languages and Frameworks

Python
Ruby
PHP
Laravel
C#
.NET
Go
Node.JS
Angular
React
Java
C++

115+ topics in Secure Development Training

This course covers the OWASP Top 10 web vulnerabilities as well as additional vulnerabilities. Additional vulnerabilities can be added if requested.

  • SQL Injection
  • NoSQL Injection
  • Command Injection
  • Remote Code Execution
  • XSS
  • Broken Authentication and Session Management
  • Authentication Rate Limits
  • Weak Session Management
  • Password Handling and Storage
  • Cross-Site Request Forgery
  • Clickjacking
  • Broken Access Control
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Encryption Best Practices
  • Using Components with Known Vulnerabilities
  • XML External Entities
  • Buffer Overflow
  • Heap Overflow

 

Features

Interactive, Hands-On Training

Developers are problem solvers and learn most effectively through hands-on real-world scenarios. Video and PowerPoint lessons don’t cut it.

Offensive & Defensive Approach

Proven to be more effective and more engaging than defensive training alone.

Save Developer Time

This training has a 4.4x ROI on saving developer time. Developers can do these lessons over time at their own pace.

Accountability with Code Fixes

Developers must correctly fix vulnerable code to pass lessons. To train developers effectively, they need to code.

Gamification

Developers can compete, challenge, and earn points in capture-the-flag-style challenges. This further engages developers to learn secure coding practices.

Certify Developers

Developers earn the HackEDU certification for completion and passing all code patches.

Compliance

Meet and manage PCI-DSS, NIST 800-53, SOC, GDPR, and FADP developer training requirements.

 

Advanced Lessons

These lessons are based on vulnerabilities found in real applications from HackerOne’s bug bounty program.

  • Clickjacking
  • Blind XXE
  • Remote Code Execution
  • SQL Injection with SQLMap
  • XSS using PostMessage

Included Public Vulnerabilities

HackEDU has sandboxes with public vulnerabilities to learn real world offensive and defensive security techniques in a safe and legal environment.

  • Drupalgeddon2: This sandbox replicates a public Remote Code Execution (RCE) vulnerability in Drupal (CVE-2018-7600).
  • Struts: This sandbox replicates a public Remote Code Execution (RCE) vulnerability in Apache Struts 2 (CVE-2018-11776).
  • Zip slip: This sandbox replicates public vulnerabilities in archive software.

Integrate SAST/DAST and Bug Bounty programs

SAST, DAST, and IAST are great tools that can complement each other. Ideally, it would be best to use a combination of tools to ensure better coverage and lower the risk of vulnerabilities in production applications. The SDLC has significantly sped up in the last few years and traditional testing methods cannot keep up with the pace of web development. Using automated testing tools in the early stages can significantly improve security with minimal cost.

However, keep in mind that these tools are not meant to be a replacement for all other secure coding practices, but rather are part of a larger application security effort.

HackEDU integrates with the most popular SAST and DAST tools, bug bounty platforms, SCA tools, code repositories, and issue trackers. An adaptive training plan is created automatically with HackEDU’s hands-on lessons for each software developer based on dozens of variables about the vulnerabilities found in your applications and the developer’s performance.

 

 

Administration Management Dashboard

The HackEDU Admin Dashboard makes it easy to manage and monitor your organization’s training.

Dashboard Features

  • Monitor your team’s progress
  • Create custom training plans
  • Set up SSO
  • Schedule your team’s training to fit your needs
  • Generate Certificates for compliance audits

Coding and Hacking Challenges

Coding Challenges are labs where software developers practice finding and fixing vulnerabilities in software. Developers have to both find the vulnerability and then write secure code in order to pass the challenge. These challenges complement HackEDU’s lessons and can be assigned before or after lessons to ensure that the training concepts are solidified.

HackEDU’s Coding Challenges can also be used as assessments to evaluate the secure coding competency of developers!

 

HackEDU advantages

  • Preventing vulnerabilities in production software
    • Drive adherence to secure coding standards
    • Improve developers’ ability to find and fix vulnerabilities in code
    • Improve your overall security posture
  • Reducing operating costs
    • Reduce coding errors
    • Arm developers with the knowledge they need to be able to stop vulnerabilities at the earliest stage in their SDLC
    • Reduce time to release production code
  • Scaling in-person training is a time suck and ineffective (not to mention nearly impossible with COVID)
    • Enable developers to practice and test their skills in a real world environment
    • Create personalized training plans based on weaknesses identified
    • Hold developers accountable for mastering topics

 

Contact us to learn more!