We are a service company, and we have a lot of projects for mobile app security. Our customers use JavaScript and Objective-C to code the backend of their systems, and our security experts use this solution to show our customers what needs to be fixed in their environment.
We use a classic cloud service, but from a vendor, so we have a private cloud deployment. In the future, we may switch to an on-premises solution.
This solution has an interactive approach that allows you to quickly receive basic knowledge about vulnerabilities and how they should be fixed. It is easy to understand how it works, and how things should be fixed. Everything is in one place.
This product will integrate well with a socket solution. When a vulnerability is detected, you can redirect to CodeBaching, which is very useful.
This solution is very comfortable for developers, even at the junior level.
We would like to be able to add our own lessons to the platform because right now we can't add our own information. It would be helpful to create a "lesson platform", for example.
It would be helpful if the solution included tests or exams that would allow you to study, for example, all Java vulnerabilities, and then afterward test your knowledge. This is a typical functionality for learning platforms.
I would like to see more integration with other educational platforms. They have a good start because it integrates well with their own solutions.
This is a stable solution. We have never had a situation where we could not connect to the vendor's cloud.
We currently have three users, and they are experts in information security.
We have not needed to contact technical support for this solution because everything is clear. We have dealt with the same vendor for other solutions and they have a very quick response. They also have Russian speakers available.
Some of our customers used their own products before switching to Codebashing.
We just used documentation and materials from other languages, but it is not as comfortable. In Codebashing, you have one solution for all languages. Previously, we needed to find something for Java, and then something for C, then try to understand what might be a good description and come up with an example. We spent a lot of time on this process.
The initial setup of this solution is very easy. Checkmarx has very good instructions and user manuals, so there are not many problems when it comes to installing and configuring their products.
We deployed this solution with our in-house engineers. There is a lot of technical documentation on the Checkmarx Wikibase, and it's an open base. There are very good examples with screenshots and step-by-step instructions.
We did not evaluate other solutions before choosing this one.
This is a solution that I recommend to people who have a Checkmarx socket implementation because it is good to have a platform with this training program included. Otherwise, it depends on the customer. If they have a lot of their own code development then training is needed. However, in some cases, where they have good experts with a lot of knowledge, then their own experts can teach the staff.
For companies that do not have information security experts available for training, then this is a very good platform to have because it has very clear and quick lessons.
This product is good and it is reliable.
I would rate this solution a seven out of ten.
