Checkmarx wants to help developers write more secure code
An organization’s security isn’t the responsibility of its IT department alone. Development teams need to be vigilant too and take measures to rid their software of vulnerabilities, a requirement that Checkmarx Ltd. wants to help address with the new training service that it unveiled this morning.
AppSec Coach, as the tool is called, provides a set of learning modules for the Israeli company’s widely-used CxSAST code analysis platform. It displays a blue tooltip icon whenever the latter system finds a security flaw that is covered by the built-in course material, and enables developers to instantly pull up the appropriate lesson if they want to find out how to avoid making the same mistake in the future.
Clicking the blue button brings up a mock IDE with sample code that Checkmarx says encompasses both the backend and frontend components of the vulnerability at hand. To start off a lesson, AppSec Coach brings up an overview that goes over the contents of the console and briefly details what each line does. Developers can then interact with the code on their own and consult the tool’s sidebar every time they need a more thorough explanation of a section. Once the user more or less understands the course, they’re able to have AppSec Coach generate a step-by-step walkthrough that displays exactly how to solve the issue in the course. Finally, it displays a brief summary of the lesson before sending the user back to the project they were working on.
Checkmarx hopes that weaving its training modules directly into the CxSAST troubleshooting workflow will make it easier to pick up best practices for code security, which in turn can increase the likelihood of developers taking the lessons. AppSec Coach also removes the need for organizations to set up a separate security course on their own. The training modules are included in the code analysis platform out-of-the-box and support half a dozen programming languages on launch, with more set to be added over time.