Apiiro + Secure Code Warrior: Uplevel your AppSec program with hyper-relevant secure code training

At Apiiro, we know how important consistent developer training is for improving the impact of your AppSec initiatives and the overall strength of your application security. Training is most effective when it’s meaningful and relevant, which is why we’re excited to announce our new integration with Secure Code Warrior.

By bringing together the deep context, automation workflows, and holistic visibility of Apiiro’s ASPM with Secure Code Warrior’s best-in-class training catalog, this integration delivers hyper-relevant, real-time developer security training to have a force-multiplying effect on your AppSec program.

Hyper-relevant secure code training

When it comes to secure code training, Secure Code Warrior has paved the way for agile learning with their hands-on approach and extensive training catalog covering 63+ languages & frameworks, 5,500 hands-on challenges, and 147 application security topics. To take “learning by doing” to the next level, this integration delivers training based on what developers are actively working on.

Apiiro maps findings—detected by Apiiro or ingested by third-party security tools—to the relevant training by type and language in Secure Code Warrior.

By providing developers with training that’s specific to security issues they personally introduced, and in the applicable programming language, this integration saves developers time by avoiding trainings that aren’t as relevant to them.

From early results, we’ve seen that this has a positive impact on developers’ retention of security best practices, a deeper understanding of the root cause of risk, and a powerful long-tail effect of reducing repeat vulnerabilities.

Seamlessly embedded into development workflows

The SCW platform ensures that developers integrate learning into their daily workflow and gives them the ability to learn without leaving the familiar environments of the development tools they use every day. In keeping with Secure Code Warrior’s ethos of meeting developers in the tools that they use, this integration helps developers learn where and when it can have the greatest impact.

Apiiro ties all risks to the relevant repository, code lines, and code owner(s), making it easy for security to track down the developer or team best suited to make a fix. This integration leverages that context and Apiiro’s automation workflows to surface relevant trainings via tickets, issues, or messages to the relevant developer or team.

Training can seem purely theoretical when detached from the day-to-day rhythm of software development. This integration makes secure coding practical and timely by triggering trainings when developers are actively working on remediating a specific risk so they spend less time researching issues and fix them faster. This integration also minimizes disruptions to developers’ workflows and eliminates the need to remember to do something in a separate tool at some future point in time.

Holistically integrated into AppSec programs

Strong application security requires even stronger feedback loops between AppSec and developers. This partnership is a commitment to exactly that, beyond delivering hyper-relevant, just-in-time training.

With Apiiro’s unified AppSec reporting and dashboards, it’s easy to identify trends in risk types or teams that may have above-average new vulnerabilities or below-average mean time to remediation (MTTR).

These insights can then enable you to scope future secure code training curriculums that are tailored specifically to your organization and tech stack. With holistic reporting, you can also seamlessly track the impact of developer training initiatives on key AppSec KPIs such as volume of new and closed risk, MTTR, and even developer velocity.

Lastly, Apiiro’s continuous application and software supply chain inventorying gives us unique insight into the code contributors who are making positive impacts on security—your security champions!

Leverage your existing security champions to move your security culture forward and see new ones step up with the help of this integration!
···

Consistent and intentional developer security training is a key component of a successful AppSec program and we are excited to see the impact this integration with Secure Code Warrior has on our joint customers’ AppSec programs. Training with real issues in real time leads to better retention of secure development best practices which leads to fewer risks introduced into code over and faster MTTRs.

Learn more about this integration on the Secure Code Warrior blog and schedule a demo to see its benefits in action.