Features & Benefits

Software Security Training and Beyond

Software is exposed from many angles, yet many training providers offer a one-size-fits-all approach that:

  • Provides generic material: while this builds awareness, it doesn’t hone job-specific knowledge
  • Focuses on developers: reduces only a small percentage of risk introduced by the entire delivery team
  • Ignores emerging technologies: teams need the context of microservices, AI, and the next hot “thing”

As a result, teams are left unprepared, never gaining incremental knowledge to move the security needle.

Our program is purpose-built for all software security stakeholders, updated quarterly, and reflects tomorrow’s threats.

  • Highly Engaging

    Our courses aren’t task repetition or based on remedial “line of code” hunting. They include rich animations, humor, and hands-on exercises that present complex topics in a way that can be easily understood. For example, in a technical course, we may include an input sanitation simulation to illustrate the impact of a SQL Injection attack or have the learner debug a block of Java code. Conversely, a fundamentals course may have a drag-and-drop game to classify sensitive data.

    Courses include nine different interactivity types:

    • Code Commit
    • Find-the-Fix
    • Drag and Drop
    • Spot the Defect
    • Branched Learning
    • Timeline/Maze
    • FlashCards
    • Hot Spots/Puzzles
    • Best Practice Mastery


  • Expert and Up-to-Date Content

    We aren’t a security product company that “does training on the side” or a security generalist. For almost two decades, we’ve focused exclusively on software security – conducting security assessments of the world’s most prolific software and helping clients secure them. Our expertise is unrivaled.

    With  ~20 new courses per year, we keep you ahead of the threatscape. We maintain a product roadmap driven by customer feedback and industry trends. Compare it to the competition and immediately see our commitment to accurate and timely knowledge.


  • Powerful Reporting
    Schedule reports and save them as CSV, Excel, or PDF files. Filter by group, individual, course and other variables including:

    • Total users by course or curriculum
    • Course/curriculum start and completion rates
    • Average grades and time spent on each course
    • Initial and last login attempt (nudge emails can be triggered)


Unlimited Power. Reduce Risk from All Angles

  • Build security into the design
  • Code defensively in multiple languages
  • Integrate 3rd party components securely
  • Mitigate platform-specific threats
  • Defend multi-tiered deployments
  • Comply with compliance mandates
  • Groom Security Champions
  • Hands-Free Rollout & Maintenance

    Choose to self-host with SCORM files or use our Cloud platform with SSO. Both options include automatic course updates. Using the Admin Dashboard, easily send welcome and nudge emails,  add/remove users, and create notification mechanisms to give users instant access. Our customer support team ensures a headache-free rollout and ongoing optimization.

  • Fully Featured & Intuitive
    • HTML5 responsive, mobile-ready
    • Stop/start/pause functionality
    • Direct access to learning paths
    • WCAG and SCORM Compliant
    • Glossary to ensure terminology is understood
    • Printable course transcript to use as a reference
    • Knowledge checks, exams, ability to “test out”
    • Submit feedback,  print certificate of completion


  • Build an Attack & Defend Mentality

    Unique in the industry,  we combine courses with a cyber range for a fun yet effective way to build “Attack & Defend” habits. Similar to flight simulators, CMD+CTRL provides an authentic environment to hone skills after classroom/online training.

    This multimodal approach encourages teams to think more critically, consider the bigger picture, and realize the consequences of haphazard software development and operations.  Experiencing a vulnerability from a holistic (and attacker) perspective drives behavior change – your ultimate goal.

We are if you are.