About Us

Everything you need to know about us

Who We Are

We aim to help solve the problem of security vulnerabilities in code through education. Despite years of research and work on stopping bugs, such as SQL Injection or Cross-Site Scripting, they still appear in production code worldwide. It doesn't matter if you are a small start-up or a large global organisation.

Specialists are expensive

Initially, we would try to fix security issues by hiring pentesters or security specialists to review applications/code and find vulnerabilities. However, security specialists are hard to find and often expensive. (Plus all these newfound vulnerabilities immediately go straight to the backlog.) Your release timeline is then at the mercy of the productivity of your security professionals. If they are oversubscribed, do you hold off releasing or do you risk releasing code that might be vulnerable?

Tools aren't always the solution

Today more and more companies use static analysis tools to find bugs before they reach production. Static analysis tools are a great way to catch the most common issues. However, they are expensive, prone to false positives and don't identify everything.

Developers are the key

The earlier you identify and fix a vulnerability in your code; the quicker and cheaper it is to fix. Therefore you want to create a development environment where people can spot and fix bugs as quickly as possible. The best way to do this is education. Enable your developers to identify and fix bugs (that analysis tools could never detect) before the code ever enters production. We provide the necessary tools to teach the basics of secure coding, what to do, what practices to avoid and what issues to look out for.

Office desk with computer

Frequently Asked Questions:

Q. What do you offer?

We offer a course shared by email. When you sign up, we send you one article a day for 30 days. Each article is a 5 minute read covering a secure coding problem using real-world examples, how to identify it and how to fix it. After the course is finished, you have the option to stay on our mailing list for future opportunities. At the moment, everything is done by email, and you can unsubscribe at any time.

Q. What will I get from this course?

You will understand how to be a better coder. 80% of success is 20% of the work; we give you that 20%. Security professionals get paid more and are often given the best projects. Being able to demonstrate you can code securely increases your chance of more exciting work and career development.

Q. Why do I need to learn about security when I have SAST tools and security teams to do it for me?

Security is everybody's responsibility. SAST tools still need the user to understand what the tool has found and its validity. SAST alerts still take time to fix, and that requires an understanding of the problem. Your life is made easier if you never had to deal with the alert in the first place.

Q. I don't want to become a security expert, is this course really for me?

If you are a developer who doesn't want to become a security expert, you shouldn't need to. We aim to focus on the basics and give developers the tools to write code securely without becoming an expert.

Q. I do want to be a security expert, is this course really for me?

You've come to the right place! Our initial course offers the basics to get you started. It shows you where to learn more and dive deeper into the different topics covered.