ShiftLeft, Inc., a leader in application security, today announced general availability of ShiftLeft Educate, a solution that delivers highly-effective security training for developers within the developer workflow. Designed in partnership with Application Security Training platform Kontra, ShiftLeft Educate provides consistent and contextual training for developers of different skill levels, enabling them to quickly learn security best practices and fixes for issues currently in their code.
“Discovering vulnerabilities in code is the first step in reducing risk, and remediation needs to be performed by skilled developers. Yet teams are too often left to self-source fix information. Contending with a patchwork of sources that are not always reliable as well as different remediation methods for the same issue, teams can be left with ineffective fixes and confusion across each other’s code,” said Manish Gupta, CEO, ShiftLeft. “The security training we’ve created with ShiftLeft Educate clearly presents vulnerabilities and solutions at the developer’s fingertips while still being suited to different learning styles, making it exceptionally efficient and effective.”
“The only way to make software more secure is to provide our developers with education that is engaging and respects their time by breaking down complex material into clear fundamentals,” said Gyan Chawdhary, Founder and CEO, Kontra. “By partnering with ShiftLeft, we can provide our training to developers earlier in the development cycle while their code is still fresh in their mind.”
ShiftLeft Educate is integrated directly into ShiftLeft CORE code security platform. When a vulnerability is discovered in ShiftLeft’s analysis, ShiftLeft Educate delivers bite-sized security training without requiring developers to seek out external resources to learn about the vulnerability. Educate also recognizes vulnerabilities identified by ShiftLeft CORE and provides comprehensive and reliable remediation guidance specific to the programming language and vulnerability category.
Additional key features of ShiftLeft Educate include:
- Analysis that shows the full data path of the vulnerability through the developer’s code
- Select training resources appropriate to language and vulnerability type based on CWE and OWASP category
- Interactive videos, real world examples and mitigation information provided by Kontra, along with multiple angles on vulnerabilities – showing paths from the attacker’s view and developer’s view
- A paid version enabling customers to roll out, assign, and track completion of application security training for each developer in the organization
“SupportLogic takes security very seriously in our service to large enterprises,” said Krishna Raj Raja, Founder and CEO of SupportLogic. “We firmly believe in shifting left to ensure our codebase is secure from the start and are making it a formal part of our AppSec developer training program. ShiftLeft Educate is helping our engineering staff to learn and apply security best practices to write more secure code from the outset.”
For more information on ShiftLeft Educate, Visit https://www.shiftleft.io/shiftleft-educate/.
About ShiftLeft
ShiftLeft builds security software with a developers-first approach. Through industry-leading speed and accuracy, ShiftLeft maximizes developer productivity and efficiency by providing near-instantaneous security feedback on software code during every pull request. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate. The platform is purpose-built to insert security directly into the modern software development lifecycle so developers receive the right vulnerability information at the right time.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.