Hands-on tasks and secure coding lessons have improved application security and reduced production issues
What is our primary use case?
SecureFlag's main use case is obtaining certifications and learning from the modules and tasks provided, then implementing that knowledge in our own applications to make them more secure. SecureFlag does an excellent job in teaching how to make applications more secure.
In my organization, most people are using SecureFlag certification and improving their secure coding practices. I have seen them making applications more secure. Since 2024, when we were introduced to SecureFlag, we have been using it extensively, and it has been very beneficial. Every year, employees can complete one certification and learn something new regarding secure coding practices.
SecureFlag has been performing exceptionally well, and it should continue to scale. Our organization is fully committed to using SecureFlag, every employee is using it, and it has been made mandatory.
What is most valuable?
SecureFlag's best features are the platform design and user experience, which have been amazing. The most distinctive aspect is the ability to perform hands-on practice. Rather than simply reading and completing content, users must engage in hands-on practice and complete tasks, which makes SecureFlag a very different and highly interactive platform.
After completing certifications, users receive a certificate that can be shared on LinkedIn or other social media platforms, with the ability to create posts directly. Additionally, SecureFlag offers trophies and points, which makes the platform much more interactive from a user perspective.
Regarding hands-on practice, SecureFlag certifications and tests include multiple tasks that require users to log in and access a VDI-type experience for hands-on practice. This approach is excellent because it requires thinking and research rather than simply completing a course. SecureFlag also provides hints as an option, which is very useful from a user perspective. I have never experienced this level of interactivity on any other platform or coding platform.
SecureFlag's website is absolutely brilliant with no delays in response time. It works flawlessly when logging into different tasks, and each task opens a new VDI, which is excellent. SecureFlag's team manages this flawlessly. SecureFlag provides certifications that are very useful and covers every technology. Certifications are not limited to any specific technologies, making all technologies available.
Many improvements have occurred after implementing SecureFlag's secure coding practices in our applications. We did not face production outages after implementing these practices, and deployment times became faster.
What needs improvement?
In terms of user experience and flawless website response, there is not much scope for improvement. However, SecureFlag can definitely add more courses and technologies to their website to cover everyone. They could also integrate different levels into every course, which would be very useful.
SecureFlag could include more detailed documentation in video format so everyone can understand the tasks better.
For how long have I used the solution?
I have been using SecureFlag since last year and completed two certifications for passing the secure coding test for OWASP top 10 in .NET. Additionally, last month in October, I completed the prompt injection and LLM secure coding test.
What do I think about the stability of the solution?
SecureFlag is very stable in terms of response time, user experience, and request handling.
What do I think about the scalability of the solution?
SecureFlag is quite scalable. Many organizations are adopting SecureFlag, which demonstrates its scalability.
How are customer service and support?
Customer support has been amazing throughout. If there are any issues, direct email contact with the customer support team is available, and the response has been quite good.
How would you rate customer service and support?
What other advice do I have?
The advice I would give to others using SecureFlag is to improve their skills by completing more certifications on different technologies that they use more frequently and to enhance their secure coding skills. Share your certifications upon completing and passing the secure coding test, and share your trophies as well. SecureFlag's best features are the user experience and the absolutely brilliant website with no response delays that works flawlessly. Logging into different tasks and having a new VDI open for every task is excellent, and how SecureFlag's team manages this is flawless. SecureFlag provides very useful certifications for every technology, which is a good feature since it is not limited to specific technologies and covers all available technologies. My overall rating for SecureFlag is 10 out of 10.
Secure Flag: Reliable Training with Outstanding Support, Minor Lab Issues
What do you like best about the product?
When I joined Forward Financing’s security team, we were still building our code security training from the ground up. We were concerned that our developers did not have the proper training for coding, being aware of the security matters. From day one, Secure Flag gave us the structure and visibility we needed to help developers understand the vulnerabilities they might be introducing through code.
Over time, I became the main point of contact for Secure Flag in our team, and that’s because it works. It’s reliable. I know that when something pops up, their amazing team is really great. They're more than just vendors; I feel like they work with us and not for us.
What do you dislike about the product?
The labs on the learning courses might have some issues when you are using a VPN, but Secure Flag team is aware of that and gives you ideas to solve any issue you might encounter.
What problems is the product solving and how is that benefiting you?
The platform gives us a great training environment for the developers of our organization, while allowing us to set goals, custom training paths and track progress per teams which is really useful.
Exceptional Hands-On Training Platform with Outstanding Support
What do you like best about the product?
In my experience as an Application Security Architect responsible for running a secure coding training program, I find SecureFlag to be an exceptional platform for enterprise-level developer education. It delivers a hands-on, real-world learning experience where developers actively work in realistic coding environments to identify and fix vulnerabilities rather than passively watching videos or taking quizzes. I use its flexible features to build and customize learning paths tailored to specific teams, technologies, and skill levels. The platform’s detailed progress tracking and gamified elements, such as leaderboards and tournaments, keep developers motivated and make it easy to measure the program's performance. SecureFlag’s customer support team is exceptional, providing expert guidance and proactive assistance to ensure the program’s success from implementation through ongoing management. Overall, SecureFlag empowers me to run a secure coding training program that is practical, scalable, and highly effective across the organization.
What do you dislike about the product?
While SecureFlag is effective, it doesn’t address every challenge that can arise in a secure coding training program. It offers a solid foundation for secure coding education, but the initial setup can feel overly complex, particularly when establishing the training framework and defining organizational goals. The process demands thoughtful planning, customization, and ongoing commitment to ensure alignment with real-world development practices. Without that sustained effort, the training risks becoming a static compliance exercise rather than a dynamic, integrated component of a company’s secure development lifecycle.
What problems is the product solving and how is that benefiting you?
SecureFlag helps our developers strengthen their secure coding skills through engaging, real-world exercises instead of passive compliance training. It solves the challenge of meeting corporate security training requirements while ensuring the learning is practical and impactful. As the program administrator, I’ve seen it improve developer engagement, reduce vulnerabilities, and enhance our overall security posture.
Great for Secure Coding, But Needs More Kotlin Labs
What do you like best about the product?
Helps our developer improve on their secure coding skills
What do you dislike about the product?
limited Kotlin training/labs for our developers
What problems is the product solving and how is that benefiting you?
It is important to ensure that our developers are well trained in both current and emerging technologies. They also need to stay informed about the latest threats they may encounter while coding.
A Winning Combination between Intuitive Platform and Exceptional Service
What do you like best about the product?
We appreciate the wide range of features offered: the platform is easy to use, simple to implement, and integrates smoothly with Okta. It also provides numerous learning paths, regularly updates its content, and offers excellent customer support.
This versatile platform delivers more than just content—it creates a gamified experience for our Security Champions program, including tournaments, quizzes, and a points system. Our developers are also pleased with the platform, rating it an average of 9 out of 10.
What do you dislike about the product?
We don't have any particular feedback at the moment, but it occurs to me that adding an AI chatbot with all the content vectorized in a RAG could be useful. This feature would make it easier for developers to look up security code information. Although we never listed this as a requirement, writing this review made me realize it could be a valuable addition—just something nice to have.
Regarding the Threat Model API, it would be helpful if there were more endpoints available. This would allow for greater automation of workflows and make it possible to create diagrams entirely outside their platform while still using their API.
What problems is the product solving and how is that benefiting you?
We needed quality content to run our Security Champions program. But not only content, also a gamify platform with tournaments, quizzes, certifications, etc.
Senior Information Security Specialist
What do you like best about the product?
Customer Support, Ease of Use, Ease of Integration, Ease of Implementation, Number of Features.
What do you dislike about the product?
the training content not being in Turkish, Frequency of Use.
What problems is the product solving and how is that benefiting you?
It raises awareness among software developers about writing reliable code.
Secureflag is a great an engaging tool which really benefits every developer.
What do you like best about the product?
The hands-on labs, where an unsafe situation can be "re-lived" by the developer and then mediated.
What do you dislike about the product?
In seldom cases (usually code review labs) the criteria for a successful completion on the first try are hard to be met. But this is really very seldom.
What problems is the product solving and how is that benefiting you?
Secureflag helps us to achieve our goals that we have set to meet coding quality and security standards.
Great developer training platform
What do you like best about the product?
The Secure Flag platform has allowed us to easily deliver high quality secure development training to our engineers. The educational materials they deliver are first class and the hands-on experience it provides are way better than other solutions on the market we've tried.
As a regulated business in the financial services sector, the security of our applications is something we take very seriously, and we are confident that we are equipping our engineers with the best training to keep our customers and our business safe.
The onboarding process was easy, and the team we dealt with (shout out to Christian!) were super helpful - even now, still checking in to make sure everything is going well. Now that we've been enrolled with them for around 6 months I can say that we're still getting great service and care from our customer success manager Naveen, and our account manager Carla.
What do you dislike about the product?
The management dashboard isn't the most intuitive, but they have instruction materials available it's ok once you get the hang of it.
What problems is the product solving and how is that benefiting you?
Secure Flag is allowing us to ensure our engineers are always trained to the highest level, and are therefore ensuring that the code as secure as can be.
SecureFlag covers training for developers thoroughly . Real lab environment got developers hooked.
What do you like best about the product?
There are mainly three factors that made us decide in facor of SecureFlag:
ease of adoptions - sensibly grouped learning paths and easy administration/ implementaiton plus with our license developers can also use the platform in their free time; and they actually do and love to use it frequently.
interactivity - the actual labs separated SecureFlag from other contestants, developers solve real code in real virtual environments
quality of content and suppert - SecureFlag covers a wide range of frameworks and adds constantly new, relevant content; the customer sucess is really outstanding
What do you dislike about the product?
We only encountered two challenge or thins we would improve
administering trainingsplans. If there could be be some distinction between new and existing employees
The SDLC content can be more interactive
But on both sides customer success management is working actively and very supportive with us
What problems is the product solving and how is that benefiting you?
Our developers are getting practical security knowledge and up-to-date information on a large variety of frameworks. It not only covers OWASP Top 10 but also operations technologies like Kubernetes, Cloud and new technologies like AI/ML. The real interaction and the interesting presentation make security training not just a compliance topic but an enganging activity.
Secure Coding training that is very effective for software development teams
What do you like best about the product?
SecureFlag is very effective at providing the Secure Coding training for our development teams.
As a company we are required to provide this training to all our software developers, and SecureFlag has been the most popular platform within our development teams. We have positive feedback about SecureFlag which compares very favourably with feedback from other secure coding platforms tried before.
There are many things to like about SecureFlag, a couple of these are:
- it is easy for developers to appreciate the relevance and importance of the training
- the ThreatCanvas threat modeling tool is very good indeed
and there are other reasons for appreciating what SecureFlag offer, not least the excellent customer support.
To sum up, we are pleased with secureFlag and value the service it provides.
What do you dislike about the product?
There is nothing to dislike about SecureFlag.
When we first introduced the training to our development teams there was some feedback about too many notifications, but this was easily reconfigured to a level that they liked.
What problems is the product solving and how is that benefiting you?
As a company we are required to provide training in Secure Coding to all our software development teams . To achieve a good compliance rate we need a training platform that is relevant, engaging and easy to use. SecureFlag offers all this and compares very favourably with the other secure coding training platforms that we used in the past.
