Skip to main content
Skip table of contents

Get Training on Typical Vulnerabilities

Overview

When triaging your Code Security Findings, the Training section is available each finding to see context-based links to content for established training material provided by Secure Code Warrior. The links provide training resources directly for each finding within the Mend SAST scan. This will allow you to understand better and remediate vulnerabilities faster and increase awareness to prevent similar issues in the future.

Getting it Done

In your Code Findings within the Mend Application, click on the Training tab.

image-20240309-161126.png

In case either a whole language or a certain finding is not supported, you’ll get a message saying that no training material is available.

image-20240311-124529.png

If training material is available, click on Secure Code Warrior Training Material to see the training resources available for each finding.

  • Training: A Secure Code Warrior training session relevant to the reported finding.

Clicking on the training material links under the Training section will immediately take you to Secure Code Warrior’s login portal in your browser.

If you have a Secure Code Warrior account, log in so your progress through the learning challenges can be tracked.

You also have the ability to sign up for a 14-day free trial or continue as a guest.

After logging in or continuing as a guest, Secure Code Warrior will present you with a learning challenge catered to the detected finding by the Mend Code Scan. The Challenge will be pre-configured for the same vulnerability type and programming language.

When you start the learning challenge, the challenge's goal and instructions will be located in the left pane, while the example file explorer and code for the challenge will be found in the right pane.

In the example challenge for SQL Injection, two files are marked with 2 highlighted lines of code in each file. The instructions are to find the one line of code that causes the vulnerability and then submit your answer.

If you submit the correct line of code causing the vulnerability, you will be greeted with a golden Success shield with a brief explanation of why the correct line of code was selected and the ability to continue to another stage of the challenge.

If you submit the incorrect line of code causing the vulnerability, you will be greeted with a broken Failed shield with a clue to help you select the correct line of code on your retries.

After completing the learning challenge, if you are logged in, the progress will be tracked on your account. If you complete the challenge as a guest, you will simply be congratulated for completing the challenge and given the opportunity to complete other challenges.

Each stage of the Secure Code Warrior challenges is formatted the same and gives similar feedback to help you learn secure coding best practices.

  • Videos: A Secure Code Warrior video relevant to the reported finding.

Clicking on the training material links under the Videos section will immediately open a video player in your browser and start playing a video related to the topic of the detected finding. The contents of the videos explain what the vulnerabilities are, how they are caused, and ways to prevent them.

Example video: Secure Code Warrior SQL Injection

  • Further Reading: Additional reading material relevant to the reported finding.

Clicking on the training material links under the Further Reading section will immediately open an article from http://owasp.org in your browser related to the topic of the finding. These articles can either explain the vulnerabilities and how they can be exploited or be cheat sheets containing examples of best practice code to resolve or avoid the vulnerabilities in the first place.

Example further reading: Secure Code Warrior SQL Injection

Learn more about SCW

Reference

Secure Code Warrior Language Coverage

Language

Coverage

Covered CWEs

Total CWEs

ABAP

100%

6

Details

CWE-22 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-94 +
CWE-400 +

6

ASP Classic/Visual Basic/VBScript

0%

0

18

Android Java

64%

9

Details

CWE-16 -
CWE-89 +
CWE-94 +
CWE-200 +
CWE-209 +
CWE-244 -
CWE-295 +
CWE-319 +
CWE-326 +
CWE-338 +
CWE-676 -
CWE-749 -
CWE-798 +
CWE-926 -

14

Apex

66%

4

Details

CWE-89 +
CWE-209 +
CWE-244 -
CWE-501 -
CWE-798 +
CWE-918 +

6

C/C++ (Beta)

73%

14

Details

CWE-22 +
CWE-78 +
CWE-89 +
CWE-90 +
CWE-114 +
CWE-121 +
CWE-125 +
CWE-134 +
CWE-190 +
CWE-191 +
CWE-242 -
CWE-244 -
CWE-367 +
CWE-369 -
CWE-415 +
CWE-416 +
CWE-676 -
CWE-787 +
CWE-789 -

19

ColdFusion

0%

0

4

C#

79%

23

Details

CWE-20 -
CWE-22 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-117 +
CWE-209 +
CWE-244 -
CWE-326 +
CWE-338 +
CWE-400 +
CWE-434 +
CWE-472 +
CWE-501 -
CWE-502 +
CWE-530 -
CWE-601 +
CWE-611 +
CWE-643 +
CWE-676 -
CWE-798 +
CWE-916 +
CWE-918 +
CWE-941 -
CWE-1004 +

29

Cobol

100%

3

Details

CWE-78 +
CWE-89 +
CWE-121 +

3

Go

76%

20

Details

CWE-20 -
CWE-22 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-113 +
CWE-117 +
CWE-244 -
CWE-295 +
CWE-322 +
CWE-326 +
CWE-338 +
CWE-377 -
CWE-400 +
CWE-434 +
CWE-472 +
CWE-601 +
CWE-643 +
CWE-676 -
CWE-732 -
CWE-798 +
CWE-916 +
CWE-918 +
CWE-1327 -

26

Groovy

0%

0

30

iOS Objective-C

66%

6

Details

CWE-73 +
CWE-89 +
CWE-200 +
CWE-209 +
CWE-242 -
CWE-319 +
CWE-326 +
CWE-676 -
CWE-749 -

9

JavaScript / Node.js

83%

15

Details

CWE-20 -
CWE-22 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-117 +
CWE-242 -
CWE-338 +
CWE-400 +
CWE-601 +
CWE-611 +
CWE-676 -
CWE-798 +
CWE-918 +
CWE-943 +

18

Java

75%

31

Details

CWE-15 -
CWE-20 -
CWE-22 +
CWE-74 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-117 +
CWE-134 +
CWE-209 +
CWE-297 -
CWE-312 +
CWE-319 +
CWE-325 +
CWE-326 +
CWE-327 +
CWE-328 +
CWE-335 +
CWE-338 +
CWE-347 +
CWE-400 +
CWE-470 -
CWE-472 +
CWE-497 -
CWE-501 -
CWE-502 +
CWE-532 +
CWE-601 +
CWE-611 +
CWE-643 +
CWE-676 -
CWE-780 -
CWE-798 +
CWE-917 +
CWE-918 +
CWE-941 -
CWE-1004 +
CWE-1204 -

41

Kotlin

76%

23

Details

CWE-20 -
CWE-22 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-117 +
CWE-209 +
CWE-244 -
CWE-326 +
CWE-338 +
CWE-400 +
CWE-434 +
CWE-472 +
CWE-497 -
CWE-501 -
CWE-502 +
CWE-530 -
CWE-601 +
CWE-611 +
CWE-643 +
CWE-676 -
CWE-798 +
CWE-916 +
CWE-918 +
CWE-941 -
CWE-1004 +

30

Kotlin Mobile

71%

25

Details

CWE-16 -
CWE-20 -
CWE-22 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-117 +
CWE-200 +
CWE-209 +
CWE-244 -
CWE-295 +
CWE-326 +
CWE-338 +
CWE-400 +
CWE-434 +
CWE-472 +
CWE-497 -
CWE-501 -
CWE-502 +
CWE-530 -
CWE-601 +
CWE-611 +
CWE-643 +
CWE-676 -
CWE-749 -
CWE-798 +
CWE-916 +
CWE-918 +
CWE-926 -
CWE-941 -
CWE-1004 +

35

PHP

77%

21

Details

CWE-20 -
CWE-22 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-98 -
CWE-113 +
CWE-209 +
CWE-326 +
CWE-338 +
CWE-384 -
CWE-400 +
CWE-434 +
CWE-472 +
CWE-502 +
CWE-530 -
CWE-601 +
CWE-611 +
CWE-643 +
CWE-676 -
CWE-798 +
CWE-918 +
CWE-941 -
CWE-1004 +

27

PLSQL

100%

4

Details

CWE-22 +
CWE-73 +
CWE-79 +
CWE-89 +

4

Python

73%

14

Details

CWE-20 -
CWE-22 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-244 -
CWE-472 +
CWE-502 +
CWE-530 -
CWE-601 +
CWE-643 +
CWE-676 -
CWE-798 +
CWE-916 +
CWE-941 -

19

R

0%

0

8

Ruby

83%

15

Details

CWE-22 +
CWE-59 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-244 -
CWE-321 +
CWE-434 +
CWE-530 -
CWE-676 -
CWE-798 +
CWE-915 +
CWE-916 +
CWE-1004 +

18

Swift

66%

6

Details

CWE-73 +
CWE-89 +
CWE-200 +
CWE-209 +
CWE-242 -
CWE-319 +
CWE-326 +
CWE-676 -
CWE-749 -

9

TypeScript

80%

12

Details

CWE-20 -
CWE-22 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-94 +
CWE-113 +
CWE-117 +
CWE-242 -
CWE-338 +
CWE-400 +
CWE-601 +
CWE-676 -
CWE-798 +
CWE-943 +

15

VB.Net

79%

23

Details

CWE-20 -
CWE-22 +
CWE-73 +
CWE-78 +
CWE-79 +
CWE-89 +
CWE-90 +
CWE-94 +
CWE-113 +
CWE-117 +
CWE-209 +
CWE-244 -
CWE-326 +
CWE-338 +
CWE-400 +
CWE-434 +
CWE-472 +
CWE-501 -
CWE-502 +
CWE-530 -
CWE-601 +
CWE-611 +
CWE-643 +
CWE-676 -
CWE-798 +
CWE-916 +
CWE-918 +
CWE-941 -
CWE-1004 +

29

Xamarin (C#)

0%

0

27

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.