Let’s take a look at the view a new student gets when they sign up for our platform.
First, they receive an invite to complete registration and obtain access to the course (or multiple courses). Once registration is completed, the student is guided through the process of using the platform. No human element is required.
The student then begins a review of the content in the course modules. Each module within the course has a set of videos that show how to identify weaknesses found in applications of the specific framework or language. In each section, the student will have an introduction to the vulnerability, learn how to identify the vulnerability, and then learn how to fix the vulnerability. For example, if this student is enrolled in the Java course, they would watch a video about the topic of SQL Injection, learn that string concatenation can be dangerous and why, and then learn how to write safe, parameterized queries in order to prevent it.
As mentioned, each course contains a fully functional vulnerable application that students will use to immediately test what they’ve learned. This vulnerable application contains security flaws encountered in real-world code, and they are mapped to the OWASP Top 10.
When the student is ready to move onto the remediation exercises, they start their browser-based, Cloud IDE instance and fix the type of issues they’ve seen in the content. Finally, the student checks their code into our backend infrastructure to have it analyzed and graded.
When a student checks in code with Git (all without ever leaving their browser), a little bit of magic happens on the backend. Using a set of security-centric unit tests as well as other identification techniques, we let the student know if their code solved the problem or if they still have work to do. When their originally vulnerable, and now secure, application code passes all of the tests, then congratulations, they’ve mastered the course material.
No one likes to be chained to a desk when they have to get something done. After all, it’s 2017 and we’ve been mobile for ages already. Our users have grown to expect strong mobile support for every product they use, and this expectation should be no different for a training tool. Users of the nVisium On-Demand product can download the EdCast mobile application for iOS or Android and consume videos and written content on-the-go.
So, what if you have a big development team, and you want to track their progress? Well, you’ll be happy to know that our platform was built for large development teams, and you can pull all of the metrics you would ever want. You can track who’s completed the course, student activity, and which modules your developers are breezing through and which ones are making them work a little bit harder. You’ll also be able to sleep better at night because you’ll know your team passed because they were able to demonstrate mastery of practical skills, not because they let the OWASP Top 10 videos keep playing in the background while they browsed the web.
We hope you’ll take our platform for a spin and let us know what you think about it. If you’re interested in seeing more or in trying a full demo of the platform, please contact the nVisium team here: https://nvisium.com/contact/.