Security Innovation announced the release of a new, intermediate-level cyber
range as part of its CMD+CTRL software security training series.
Containing 45 security challenges and 14 vulnerability types based on common
security risks from the OWASP Top 10, CWE, MITRE ATT&CK framework
and others, the training teaches participants how to better protect against the
latest cybersecurity threats in a simulated system by having them act like
attackers.
The newest component of a comprehensive application security training program,
Shadow Health is
designed for organizations in any industry, and replicates attack scenarios via
an authentic but intentionally insecure health care portal platform built on a
cloud-native tech stack. While the cyber range uses a web application scenario
familiar to the health care industry, the training is designed to apply to all
types of applications to help cross-functional teams including application
developers, security engineers and QA engineers make their solutions less
vulnerable to cyberattacks.
Through a fun, interactive, gamified approach to training that includes
missions, competitions and leaderboards,
companies can use Shadow Health in conjunction with related courses and labs to
assess employee application security competency and maximize learning and
collaboration. Challenges include broken access control, injection, cross-site
scripting vulnerabilities, SSRF, Log4j and five special "capture the flag"
challenges.
"Putting employees in the seat of the
attacker gives them a better perspective on how to make their software safer,"
said Fred Pinkett, Senior Director, Product Management, at Security Innovation.
"We have designed this cyber range to be a challenge for employees of all skill
levels. Overall, fewer than 20% of participants identify all the issues, and
the average participant finds less than half."
Rise in Simulated Cybersecurity Training
Realistic simulations are an
increasingly important component of software security training. A recent report from Security Innovation and
the Ponemon Institute found that 60% of companies now include realistic
simulations as part of their cybersecurity training programs compared to 36% in
2020. The effectiveness and motivation of realistic training is one reason ROI
for cybersecurity programs incorporating realistic simulations grew from an
average of 30% in 2020 to 40% in 2023.
"Security training needs to be more
engaging, while keeping up with the current challenges faced by developers and
software security teams," said Pinkett. "Being able to see the implication of
an attack in the form of stolen data and fraudulent transactions turns
vulnerabilities from theoretical issues to tangible problems. Shadow Health
includes the vulnerabilities that plague enterprises today in a realistic and
contextual training that helps developers master the art of vulnerability
detection in an engaging and fun way, while helping organizations build a
security-focused culture."
The CMD+CTRL Security Training Program
More than 250 companies and 25,000
participants have enhanced their skills on Security Innovation's cyber ranges.
The integrated, role-based cybersecurity training portfolio includes over 350
online courses and hands-on learning labs that are designed to prepare learners
to prove their skills in the cyber ranges. Shadow Health is the
11th immersive cyber range in the Security Innovation library and is
offered in sessions ranging from a half-day to a full week. It is designed to
present an intermediate-level challenge that complements other ranges that vary
in difficulty and tech stacks, including:
- Shadow Bank (basic) - banking application focused on OWASP Top 10 and security principles
- Forescient (intermediate) - AWS infrastructure with front-end website, virtual servers, accounts, and services
- LetSee Marketplace (advanced) - single page application (SPA) with a heavy API focus
- Infinicrate (advanced) - cloud file storage application for teams using GitHub, cloud services, and development tools
- MailJay (advanced) - level challenge cloud-native marketing automation SaaS suite that emulates a modern-day marketing application, as well as its front-end and back-end services
Availability and Pricing
Shadow Health is available immediately. Pricing depends on the number of
participants, the length of the session and proctoring requirements.