Veracode Security Labs is a new module within the Veracode Developer Enablement product family which includes rich programs and eLearning tools that aim to engage developers with practical training. Veracode Security Labs teaches modern secure coding techniques through guided, interactive online exercises that train developers to tackle modern threats. It teaches AppSec skills through hands-on experience using examples taken from real-world exploits to ensure developers can apply new skills immediately. In January 2020, Veracode acquired the technology behind Security Labs from Hunter2. The new offering is immediately available to customers.

“[This program] provides an interactive, web-based experience for engineers where they get to use a code editor, interact with a real Linux server, and real application stacks. The platform enables guided lessons that help engineers understand vulnerability classes, exploit them, and most importantly…patch the issues,” said Mark Stanislav, Head of Application Security, Duo Security at Cisco1. “Our team chose this platform for not just the level of interaction engineers have, but because unlike other offerings the labs it comes with are not the end of the road -- we could bring our own lessons, too. That’s a critical feature for our team that enables us to cater specifically to our engineers’ needs and also to keep pace with application security trends more readily.”

Using Veracode Security Labs, companies can create customized labs that are relevant to their tech stack and business objectives. The training uses web apps written in an organization’s chosen languages, so the skills and strategies learned are directly applicable to the organization's environment. Developers can continue to level up their secure coding skills with progress reporting, new assignments, and a leaderboard within the tool.

“Research shows that developers often outnumber security professionals 100 to one, so when development teams are empowered to fix flaws and code securely, AppSec programs scale,” said Ian McLeod, Chief Product Officer, Veracode. “Veracode Security Labs engages and actively teaches developers by giving them a contained space to work with real code, and demonstrates how to avoid flaws that have led to some of the headline-making vulnerabilities of the last few years. With this approach, in as little as five to 10 minutes, developers can learn new skills and deliver secure code on time.”

Security teams often don't have the bandwidth or expertise to teach security skills to large teams of developers in their organization. The result is an ever-growing mountain of security debt . With Veracode Developer Enablement, development teams can leverage Security Labs, eLearning, and training tools, and an array of other security expertise and guidance and the Veracode Community for peer input.

About Veracode

Veracode is the leading AppSec partner for creating secure software, reducing the risk of security breach and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of automation, integrations, process, and speed, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Veracode serves more than 2,500 customers worldwide across a wide range of industries. The Veracode cloud platform has assessed more than 14 trillion lines of code and helped companies fix more than 46 million security flaws.

