...

  • Results History - Query Name - List of queries with scan results in the current project, including the number of instances found.
    Right-click a query in the list and select Show Description to display the Cx/CWE description of the vulnerability.


    Clicking () takes you to the AppSec Coach Codebashing, our interactive learning platform, where you can learn about code vulnerabilities, why they happen, and how to eliminate them. Once there, select a tutorial and start sharpening your skills.

    AppSec Coach™
    AppSec Coach provides developers with a new in-context learning platform that sharpens the skills they need to fix vulnerabilities and write secure code. This new approach makes AppSec learning an engaging experience, more effective, with a fast learning curve.

    AppSec Coach is currently available as a limited edition to all users, covering:

    Lessons:
    Codebashing™

    CxSAST users can have free access to a limited set of Codebashing lessons.

    Available free lessons are: SQL Injection (SQLi), Cross-site scripting (XSS), XML Injection (XXE)

    Languages

    The free lessons are available for the following programming languages: Java, .Net, PHP, Node.JS, Ruby, Python.

    The full and (paid) version will include over 20150+ individual lessons and additional languages:

  • Lessons: Session fixation, Use of insufficiently random values, Reflected XSS, Command Injection, DOM XSS, Directory (Path) Traversal, Privileged Interface Exposure, Leftover Debug Code, Session Exposure in URL, User Enumeration, Horizontal Privilege Escalation, Vertical Privilege Escalation, Authentication Credentials in URL, Cross Site Request Forgery (POST), Cross Site Request Forgery (GET), Click Jacking, Insecure URL Direct.
  • Languages: Scala, C/C++

    across many common web, mobile and embedded programming languages. Please refer to Codebashing for a full list of supported programming languages and lessons.

    Select a query to view instances found to the right.

...