Features & Benefits

Most extensive secure code, application, and software training and beyond.

Software Security Training and Beyond

Software is exposed from many angles, yet many training providers offer a one-size-fits-all approach that:

  • Provides generic material: while this builds awareness, it doesn’t hone job-specific knowledge
  • Focuses on developers: reduces only a small percentage of risk introduced by the entire delivery team
  • Ignores emerging technologies: teams need the context of microservices, AI, and the next hot “thing”

As a result, teams are left unprepared, never gaining incremental knowledge to move the security needle.

Our program is purpose-built for all software security stakeholders, updated quarterly, and reflects tomorrow’s threats.

  • Highly Engaging

    Our courses aren’t task repetition or based on remedial “line of code” hunting. They include rich animations, humor, and hands-on exercises that present complex topics in a way that can be easily understood. For example, in a technical course, we may include an input sanitation simulation to illustrate the impact of a SQL Injection attack or have the learner debug a block of Java code. Conversely, a fundamentals course may have a drag-and-drop game to classify sensitive data.

    Courses include nine different interactivity types:

    • Code Commit
    • Find-the-Fix
    • Drag and Drop
    • Spot the Defect
    • Branched Learning
    • Timeline/Maze
    • FlashCards
    • Hot Spots/Puzzles
    • Best Practice Mastery


  • Expert and Up-to-Date Content

    We aren’t a security product company that “does training on the side” or a security generalist. For almost two decades, we’ve focused exclusively on software security – conducting security assessments of the world’s most prolific software and helping clients secure them. Our expertise is unrivaled.

    With  ~20 new courses per year, we keep you ahead of the threatscape. We maintain a product roadmap driven by customer feedback and industry trends. Compare it to the competition and immediately see our commitment to accurate and timely knowledge.


  • Powerful Reporting
    Schedule reports and save them as CSV, Excel, or PDF files. Filter by group, individual, course and other variables including:

    • Total users by course or curriculum
    • Course/curriculum start and completion rates
    • Average grades and time spent on each course
    • Initial and last login attempt (nudge emails can be triggered)


Unlimited Power. Reduce Risk from All Angles

  • Build security into the design
  • Code defensively in multiple languages
  • Integrate 3rd party components securely
  • Mitigate platform-specific threats
  • Defend multi-tiered deployments
  • Comply with compliance mandates
  • Groom Security Champions
  • Hands-Free Rollout & Maintenance

    Choose to self-host with SCORM files or use our Cloud platform with SSO. Both options include automatic course updates replete with detailed release notes. Using the Admin Dashboard, easily send welcome and nudge emails,  add/remove users, and create notification mechanisms to give users instant access. Our customer support team ensures a head-ache rollout and ongoing optimization.


  • Fully Featured & Intuitive
    • HTML5 responsive, mobile-ready
    • Stop/start/pause functionality
    • Direct access to learning paths
    • WCAG and SCORM Compliant
    • Glossary to ensure terminology is understood
    • Printable course transcript to use as a reference
    • Knowledge checks, exams, ability to “test out”
    • Submit feedback,  print certificate of completion


  • Build an Attack & Defend Mentality

    Unique in the industry,  we combine courses with a cyber range for a fun yet effective way to build “Attack & Defend” habits. Similar to flight simulators, CMD+CTRL provides an authentic environment to hone skills after classroom/online training.

    This multimodal approach encourages teams to think more critically, consider the bigger picture, and realize the consequences of haphazard software development and operations.  Experiencing a vulnerability from a holistic (and attacker) perspective drives behavior change – your ultimate goal.

We are if you are.