Skip to content

Compare Codebashing vs. HackEDU

Compare Codebashing vs. HackEDU

Published on

HackEDU customers often ask us, “What is the difference between Codebashing and HackEDU?” This is a very good question because both Codebashing and HackEDU offer similar training products, and so we certainly understand the need to know the difference.

HackEDU may not be the best fit for you. In fact, Codebashing might be a better option. This article is going to explain the differences between Codebashing and HackEDU in an honest and transparent manner so that you can identify which training platform is the best fit for you before making your final decision.


Codebashing was one of the first online, hands-on platforms for secure coding training, and they currently cover Java, .Net, PHP, Node.JS, Ruby on Rails, Python, Django, C/C++, Android, and iOS. Most of the languages available cover 22 topics (C/C++ covers 16 and Android & iOS cover 8 each). Each topic is estimated to take 5–8 minutes and cover the Top 10 Most Critical Security Risks defined by the Open Web Application Security Project (OWASP) in addition to other vulnerabilities. The topics are guided with animations and you cannot move past a step until the correct action is taken which forces developers to go through all of the steps. The majority of the training is presented via an application simulation and question prompts. Thus, the system only takes input that it expects (after it poses a question) and there are limited opportunities to try and test additional inputs.

Codebashing, which was acquired by Checkmarx, is integrated into the Checkmarx static analysis tool. This is a benefit for on-demand training when vulnerabilities are found by Checkmarx. You can try free demo lessons on their website.


HackEDU develops interactive cybersecurity training using real applications and servers. HackEDU covers Java, .NET, PHP, Node.JS, Ruby, Python, C/C++, C#, and Go. The lessons for each programming language follow the same pattern, and like Codebashing, HackEDU covers the OWASP’s Top 10 Most Critical Security Risks in addition to other vulnerabilities. There are currently 35 lessons that take between 20–30 minutes to complete, and more lessons are currently being developed. The training has real running applications and real tools within the browser so that developers can freely explore solutions in these real environments. Moreover, HackEDU classes can be scheduled and challenges are offered to test competency.

HackEDU takes a combined offensive/defensive approach to training, which has been shown to be more effective than a purely defensive approach. All lessons start with vulnerability discovery so developers gain an understanding of how attackers look at their applications. Then, there is vulnerability exploitation where developers learn the impact of vulnerabilities. Finally, there is a focus on defense and how to fix vulnerable code. Code can be updated in real-time so that developers can see how their code fixes affect the application vulnerabilities.

HackEDU’s lessons can be scheduled over time to fit the needs of your development team. There is a free SQL injection lesson available at


Both Codebashing and HackEDU offer strong secure coding training. Hands-on development training tends to be more effective because it keeps developers engaged. However, HackEDU covers both the offensive and defensive sides of security, and has tools and applications that are real environments, whereas Codebashing mainly focuses on defensive security, has simulated environments, and it is integrated into the Checkmarx static analysis tool. Developers need a chance to explore to really learn and problem solve, so having real applications to do that in is a benefit.

Depending on your needs, either of these solutions may be right for you. You should try the free demos for each to get a better idea of how the training is structured before determining which will be best for your team. Codebashing offers free lessons on their website and HackEDU offers a free SQL injection lesson at