Contrast Security Integrates with Secure Code Warrior
July 14, 2021

Contrast Security announced its integration with Secure Code Warrior to deliver security contextual micro-learning modules to enhance developers' skills to easily fix vulnerabilities without the need of a security team.

Contrast's Security Trace format pinpoints exactly where a vulnerability appears in the code and provides line-of-code insight. The integration then provides just-in-time "how-to-fix" help via micro-videos and interactive contextual courses that are specific to the code that is being fixed or the vulnerabilities found by the Contrast Application Security Platform.

Recognizing that traditional security training models simply do not scale and provide developers with the just-in-time training demanded by modern software development life cycle (SDLC), Contrast and Secure Code Warrior have partnered for an approach that empowers developers to develop secure coding skills while they write and release code. Secure Code Warrior's contextual micro-learning modules are integrated into the Contrast Application Security Platform to deliver accessible hands-on, bite-sized education that is language- and framework-specific. This provides developers with the right type of skills and knowledge needed to succeed in their day-to-day work. As part of this process, video-based training is embedded in the "How-to-Fix'' sections on the Contrast UI and IDE plugins and via the Secure Code Warrior Jira plugin.

"Developers care about security but struggle due to legacy training approaches that fail to deliver contextually relevant guidance that they need," said Nikesh Shah, Sr. Director of Strategic Alliances at Contrast Security. "We need developers to be security-aware, not security experts, and education and automation are at the foundation for DevSecOps transformation. Just-in-time training within the Contrast platform is immensely more effective — and efficient — than traditional security classroom training that is theoretical rather than practical. The integration between Secure Code Warrior and Contrast enables developers to learn and develop secure coding practices that significantly reduce the number of vulnerabilities introduced into new code. This improves the productivity of developers who are under increasingly greater time pressures while dramatically reducing application risk."

DevSecOps requires continuous security education, security by design, and security automation. By enabling a culture of security awareness, developers remain agile and a higher, safer standard of software security is possible. Specifically, when security training is engaging and delivered in the languages and frameworks that are actually used, it is a powerful learning experience. Contrast and Secure Code Warrior aim to enable developers to level up their security knowledge and skills while leaving behind boring assessments and tick-the-box training.

"We will never have enough application security specialists to deal with the amount of code being produced. It is time to stop trying to win an impossible game," said Stephen Allor, Head of Partners, Global at Secure Code Warrior. "The integration with Contrast provides the right tools, just-in-time learning, and support to deliver a human approach which shifts culture and behavior to make security an integral part of an organization's DNA. The partnership empowers developers to gain hands-on skills and to learn by doing."

Share this

Industry News

July 29, 2021

Couchbase announced the general availability of Couchbase Server 7.

July 29, 2021

Cycloid has unveiled Infra Import, a tool that automatically reverse engineers Terraform Infra-as-Code (IaC) from manually deployed infrastructure.

July 29, 2021

Launchable closed a $9.5 million Series A investment.

July 29, 2021

Rafay Systems announced automation and monitoring enhancements to its flagship Kubernetes Management Cloud (KMC).

July 28, 2021

Progress announced the R2 2021 release of Progress Telerik Test Studio, the enterprise UI test automation platform.

July 28, 2021

Synopsys announced the availability of new Rapid Scan capabilities within the company's Coverity static application security testing (SAST) and Black Duck software composition analysis (SCA) solutions.

July 28, 2021

Bitdefender announced GravityZone Security for Containers, expanding its cloud workload security (CWS) offering with run-time support for containers and Linux kernel independence.

July 28, 2021

Armory announced Armory Enterprise on AWS Quick Starts, automated reference deployments built by Amazon Web Services (AWS) solutions architects and AWS Partners.

July 27, 2021

Katalon introduced Katalon TestOps, an open and comprehensive test orchestration platform designed to help enterprises scale test automation and streamline DevOps pipelines.

July 27, 2021

Digital.ai achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status for an Enterprise Agile Planning (EAP) tool.

July 27, 2021

Aqua Security rolls out the availability of its new Aqua Platform, with a unified console to ease the journey from scanning and visibility to workload protection in cloud native environments.

July 26, 2021

Parallel Agile announced a new version of CodeBot, a low-code MERN stack application generator.

July 26, 2021

Appian unveiled its new Appian Japan regional office.

July 26, 2021

CloudTruth raised $5.25 million in seed funding led by Glasswing Ventures and Gutbrain Ventures, with additional funding from Stage 1 Ventures and York IE.

July 22, 2021

Postman successfully obtained the System and Organization Controls (SOC) 2 Type 2 and SOC 3 Type 2 reports for the Postman API platform, meeting critical industry standards relative to the Trust Services Criteria for security, availability, and confidentiality.