
Case Study: Technology/Software Industry

Company Meets PCI Secure Coding Training Compliance


81% of vulnerabilities were fixed correctly, up from just 14%


The Company

A software technology company that counts many Fortune 500 firms among its customers stores over 41 million records of end-user data and wanted a training solution to meet PCI secure coding requirements.

They needed to reduce vulnerabilities in software to protect their applications and, ultimately, their end-users' data.

Region: North America

Number of Users: 1,500

Company Size: Mid-Size

Industry: Software Technology

Compliance Requirements: PCI

  1. The Challenge: The company wanted to show the effectiveness of the training solution so they could justify to engineering leadership that time away from development was worthwhile.
  2. The Solution: The company decided to put all their software developers through hands-on secure coding training.
  3. The Outcome: The developers were given another assessment after the training, approximately nine months after the initial assessment, with measurable results.
  • 85% Average Assessment Score
  • 81% Reduction in Vulnerabilities
  • 100% of Developers found and fixed a majority of the vulnerabilities

The Challenge


The company wanted to show the effectiveness of the training solution so they could justify to engineering leadership that time away from development was worthwhile, show the ROI for their internal security budget, and measure the effectiveness for C-level leadership.

Before taking any training, the company gave a secure coding assessment to all developers. The assessment had multiple questions, each asking the developer to find a simple OWASP Top 10 vulnerability in a code snippet and fix it. The assessment consisted of two SQL Injection vulnerabilities, one XML External Entity (XXE) vulnerability, and one Cross-Site Scripting vulnerability. In addition, there was a simple question on Insecure Deserialization.

The developers were not given the answers, only their final score. The developers averaged a total score of 19% and found and fixed an average of just 14% of the vulnerabilities. 58% of developers could not successfully find and fix even one vulnerability.

The Solution

We're Here Every Step of the Way

The company decided to put all their software developers through hands-on secure coding training.

They chose HackEDU because of its interactive secure development training, which has been shown to help developers lower the risk of vulnerabilities. By going through all the lessons, the developers improved their ability to write secure software, deepened their understanding of how systems are hacked, and reduced the time needed to solve security-related issues.

The training also helped the company meet their PCI secure coding training compliance requirements.


The Results

The developers were given another assessment after the training, approximately nine months after the initial assessment. This time the average score was 85%, up from just 19%, and the developers found 81% of the vulnerabilities. 100% of the developers found and fixed a majority of the vulnerabilities in the assessment. The developers' ability to find and fix vulnerabilities in code improved by an average of 452%. Not only did the developers improve their ability to code securely, but they also found the way the lessons were presented exciting and enlightening, which enticed them to complete the courses.

  • 85% average score of developers assessed
  • 100% of the developers found and fixed a majority of the vulnerabilities in the assessment
  • 452% average improvement in ability to find and fix vulnerabilities in code
