News & Events

Press Releases

Security Innovation Launches New, Realistic Cyber Range to Help Companies Develop More Secure Software Applications

Company’s latest CMD+CTRL Cyber Range uses gamification and challenges teams to think like an attacker

Wilmington, MA – June 12, 2023Security Innovation, a leader in software security assessment and training, today announced the release of a new, intermediate-level cyber range as part of its CMD+CTRL software security training series. Containing 45 security challenges and 14 vulnerability types based on common security risks from the OWASP Top 10, CWE, MITRE ATT&CK® framework, and others, the training teaches participants how to better protect against the latest cybersecurity threats in a simulated system by having them act like attackers.

The newest component of a comprehensive application security training program, Shadow Health, is designed for organizations in any industry and replicates attack scenarios via an authentic but intentionally insecure healthcare portal platform built on a cloud-native tech stack. While the cyber range uses a web application scenario familiar to the healthcare industry, the training is designed to apply to all types of applications to help cross-functional teams, including application developers, security engineers, and QA engineers, make their solutions less vulnerable to cyberattacks.

Through a fun, interactive, gamified approach to training that includes missions, competitions, and leaderboards, companies can use Shadow Health in conjunction with related courses and labs to assess employee application security competency and maximize learning and collaboration. Challenges include broken access control, injection, cross-site scripting vulnerabilities, SSRF, Log4j, and five special “capture the flag” challenges.

“Putting employees in the seat of the attacker gives them a better perspective on how to make their software safer,” said Fred Pinkett, Senior Director, Product Management at Security Innovation. “We have designed this cyber range to be a challenge for employees of all skill levels. Overall, fewer than 20% of participants identify all the issues, and the average participant finds less than half.”

Rise in Simulated Cybersecurity Training

Realistic simulations are an increasingly important component of software security training. A recent Security Innovation and the Ponemon Institute report found that 60% of companies now include realistic simulations as part of their cybersecurity training programs compared to 36% in 2020. The effectiveness and motivation of realistic training are one reason ROI for cybersecurity programs incorporating realistic simulations grew from an average of 30% in 2020 to 40% in 2023.

“Security training needs to be more engaging, while keeping up with the current challenges faced by developers and software security teams,” said Pinkett. “Being able to see the implication of an attack in the form of stolen data and fraudulent transactions turns vulnerabilities from theoretical issues to tangible problems. Shadow Health includes the vulnerabilities that plague enterprises today in a realistic and contextual training that helps developers master the art of vulnerability detection in an engaging and fun way while helping organizations build a security-focused culture.”

The CMD+CTRL Security Training Program

More than 250 companies and 25,000 participants have enhanced their skills in Security Innovation’s cyber ranges. The integrated, role-based cybersecurity training portfolio includes over 350 online courses and hands-on learning labs designed to prepare learners to prove their skills in the cyber ranges. Shadow Health is the 11th immersive cyber range in the Security Innovation library and is offered in sessions ranging from a half-day to a full week. It is designed to present an intermediate-level challenge that complements other ranges that vary in difficulty and tech stacks, including:

  • Shadow Bank (basic) – banking application focused on OWASP Top 10 and security principles
  • Forescient (intermediate) – AWS infrastructure with front-end website, virtual servers, accounts, and services
  • LetSee Marketplace (advanced) –single page application (SPA) with a heavy API focus
  • Infinicrate (advanced) – cloud file storage application for teams using GitHub, cloud services, and development tools
  • MailJay (advanced) – level challenge cloud-native marketing automation SaaS suite that emulates a modern-day marketing application, as well as its front-end and back-end services

Availability and Pricing

Shadow Health is available immediately. Pricing depends on the number of participants, the length of the session, and proctoring requirements. To learn more about the Shadow Health Cyber Range, register for the upcoming webinar Introducing Shadow Health, the Game-Changing Cyber Range, taking place June 14, 2023, at 11 am EDT.


Security Innovation is a pioneer in software security and literally wrote the book on How to Break Software Security. Since 2002, organizations have relied on our assessment and training solutions to secure software wherever it runs. Our training solutions combine interactive modules, scenario-based labs, and hands-on cyber ranges to build skills that stick. Visit to learn how we can help you launch a best-in-class security program.


All trademarks are the property of their respective owners.

Media Contact:
Jennifer Asaro
C+C for Security Innovation