Security company Veracode has announced it will be offering a Security Labs Community Edition as a free-to-use alternative to its Enterprise Edition. This new edition will allow developers to hack and patch real applications, allowing them to learn new tactics and best practices in a controlled, safe environment.

The company had recently partnered with Enterprise Strategy Group to survey developers and security professionals. They found that 53% of organizations provide security training less than once per year, and 41% believed it was the responsibility of security analysts to educate developers on security. 

Veracode felt that developers are increasingly being asked to take more responsibility for securing code, which means it’s increasingly more important for them to get training on how to incorporate security into their applications.

‘Security debt’ the focus of 2019 State of Software Security report
Application security: Best practices vs. practicality

“With Veracode Security Labs Community Edition, you now have the tools you need to close any gaps in security knowledge that are holding you back. It’s a module that fits within the Veracode Developer Training product family, featuring tools and robust programs built with interactivity in mind so that developers can get their hands on a practical training tool at a moment’s notice,” Fletcher Heisler, director of developer enablement at Veracode, wrote in a post

The main differences between Veracode Security Labs Enterprise Edition and this new Community Edition are related to scalability. For example, Enterprise Edition offers features like full compliance-based curricula, rollout strategies, and progress reporting. The company explained that the benefits for individual developers remain the same for both editions. These benefits include the ability to exploit and remediate real-world vulnerabilities, fast remediation guidance, hands-on training, and the ability to gain confidence through interactive trial and error. 

The Community Edition covers topics that range from beginner to advanced. Sample topics include common ReactJS pitfalls, Bash terminal usage, HTTP header injection, replay attacks, and mass assignment flaws. It plans to continue adding new labs and challenges over time. 

“When it comes to closing gaps and realigning priorities, education is key – but it isn’t one-size-fits-all. Whether you want to enroll your entire team of developers into a customizable training program or you’re looking into developer education as a pathway for individual growth, Veracode Security Labs helps level the playing field by ensuring everyone is on the same page about critical security issues in software development,” Heisler wrote.