Cyber Academy Training Platform

Yes. OWASP Top 10 is just a high-level standard. We (at Kontra) believe that developer security education is not limited to just OWASP Top 10 risks and that there are other security topics developers should be aware of, therefore we go beyond what OWASP Top 10 mandates that developers should be educated on and include other additional content.

Kontra offers training for the following:

1. Frontend Developers: These are developers who focus on UI/UX development
2. Backend Developers: These are developers who focus on developing the backend business
   logic and functionality of the platform.
3. Database Developers: These are developers who focus on developing the backend business
   logic and functionality of the platform.

Kontra covers all leading programming languages and frameworks such as:

• Java
• .NET
• Ruby on Rails
• Python(Django)
• Python(Flask)
• Scala
• Kotlin
• Node.js
• GO
• PHP
• Angular
• React
• Vue.js

Kontra captures the following statistics for every learner on our LMS:

1. Course Start Database
2. Total Time Spent
3. Total Progress in %
4. Last Login Time
5. Total Time spent on every course
6. Total Time spent on primary course
7. Total Time spent on every exercise
8. Number of times an exercise was attempted
9. Certificate of Completion(PDF)

Yes. We offer the creation of Teams/Groups and Roles to facilitate easier management of users.

Yes. Unlike video training where learners can skip parts of the video, all Kontra labs are hands-on interactive modules that must be followed step-by-step and cannot be jumped or skipped.

Kontra adds new modules and courses every quarter. These updates could be:

1. Improvements in the existing content library
2. New courses on topics
3. New exercies for existing courses

However, unlike our competitors we are not aiming to stuff our platform with repetitive content, a practice known as “content stuffing” – Developers can sense and pick this up very quickly and will not engage with the training if the content is simply updated for the sake of it.

Yes, all content is QA’d and updated based on evolving improvements of a programming language.

Yes. Kontra’s LMS API can be used by a customer to download all the learning and progress data for every learner programmatically and use this information in internal dashboards or reporting tools.

Any learning management system that supports the SCORM 1.2 or SCORM 2004 standard will automatically run Kontra content out of the box.

Some leading learning management systems that Kontra customers use today:

• Workday
• Articulate Rise
• Docebo
• CornerStone
• Lessonly
• SkillSoft
• Saba
• SAP SuccessFactors
• Moodle

This categorization of difficulty levels (easy, medium, and hard) is not applicable to developer security education.

For example, a SQL Injection vulnerability cannot be categorized as easy, medium, or hard since the vulnerability is a high-risk issue, and therefore regardless of a developer’s experience and seniority, every software developer in an organization must know what this issue means and how it impacts the security of your application.

However, we do categorize courses by roles and job functions. See the next question.

Yes. A large number of Kontra’s customers use our training to educate Quality Assurance teams on developing attack test cases and security use/misuse cases.

Our content is further used by system architects to educate them on the common attack surfaces present during the design stage of an application.

Yes, all languages contain a similar number of exercises and vulnerability scenarios.

Yes, Kontra’s Cloud LMS (Learning Management System) offers a detailed dashboard to manage learning outcomes, assign courses, track users, send reminders, download and publish certificates of completion, and APIs to download data programmatically.

Since Kontra is not a video education platform, every exercise is offered as a hands-on interactive lab where developers must interact with the lab on every step.

Yes. Kontra offers a reminders feature that allows administrators to send reminders to:

1. Single Users
2. Multiple Users
3. Send reminders based on % of completion i.e. Send reminders to all users that have only completed 20% of their primary course etc.

A minimum of two courses are added annually.

Our customers use Kontra to meet their compliance obligations for a number of compliance standards including:

1. PCI (Payment Card Industry) compliance requirements.
2. HIPAA
3. SOC2
4. ISO27001

Yes. Kontra is the only company to offer interactive educational content for developer security training as SCORM packages that allows loading and running our content on third-party LMSs.

Yes. Kontra supports SAML 2.0, and is compliant with the following SSO providers including but not limited to:

• Okta
• Google Apps
• Ping Indentity
• Azure AD
• Microsoft AD
• SailPoint
• OneLogin
• Auth0