Docs/Getting Started/Platform Overview

Platform Overview

SecureCodingHub is an interactive secure-coding training platform that teaches developers to identify and fix security vulnerabilities through hands-on practice. The catalog spans 200+ topics across the nine OWASP top-10 standards currently shipped (Web, API, Mobile, Client-Side, LLM, Agentic AI, AI Dev Tools, Cloud-Native, CI/CD), and the learner experience is available in eight UI languages.

What is SecureCodingHub?

SecureCodingHub provides two training modes designed to build real-world secure coding skills:

Practice Mode

Code review challenges where developers find vulnerable code blocks and select the correct fix. Available across seven backend languages, six frontend stacks (React, Vue, Angular — each in TypeScript and JavaScript), and two mobile platforms.

Learn Mode

Interactive step-by-step attack scenarios with a simulated browser environment. Developers walk through real-world attack chains to understand how vulnerabilities are exploited.

Supported OWASP Categories

Training content is organized across nine OWASP security standards grouped under three pillars (App / Cloud / AI):

CategoryTopicsDescription
Web Top 1010 modules, ~80 topicsSQL Injection, XSS, CSRF, Broken Access Control, and more
API Top 1010 modules, ~25 topicsBOLA, Broken Authentication, Mass Assignment, SSRF, and more
Mobile Top 1010 modules, ~30 topicsInsecure Storage, WebView Injection, Certificate Pinning, and more
Client-Side Top 1010 modules, ~24 topicsDOM XSS, Prototype Pollution, Local Storage Secrets, and more
Cloud-Native~31 topicsPublic S3 Buckets, IMDS Exposure, IaC Secrets, Container Runtime, and more
CI/CD~10 topicsPipeline Poisoning, Dependency Confusion, Secrets in Repo, Runner Risks, and more
LLM Top 10~32 topicsPrompt Injection, PII Disclosure, RAG Poisoning, RCE via Output, and more
Agentic AI Top 10~30 topicsMemory Poisoning, Tool Misuse, Goal Hijacking, HitL Fatigue, and more
AI Dev Tools~23 topicsCode Paste Leak, Vulnerable Pattern, README Poisoning, MCP Exposure, and more

Supported Languages & Frameworks

Backend Languages

JavaScript
TypeScript
Python
Java
C#
PHP
Go

Frontend Frameworks

React (TS)
React (JS)
Vue (TS)
Vue (JS)
Angular (TS)
Angular (JS)

Mobile Platforms

Swift (iOS)
Kotlin (Android)

User Roles

Inside each organization, users are one of two roles:

RoleAccess
Org AdminManages users, teams, assignments, custom courses, SSO, SCIM, SCORM, API keys, webhooks, audit log, compliance dashboards, and organization settings.
LearnerCompletes practice challenges and learn scenarios, tracks personal progress, and earns XP.

Full breakdown at Roles & Permissions.

UI Languages

The learner and admin interface is translated into eight languages. Users pick their UI language from the top bar; the selection persists across sessions.

English (en)
Türkçe (tr)
Español (es)
Français (fr)
Deutsch (de)
Русский (ru)
日本語 (ja)
한국어 (ko)

Training-content translations are rolling out separately — challenge scenarios and prose translate into the same language set as they are localized.

Dashboard at a glance

Here is the admin dashboard you land on at first sign-in:

app.securecodinghub.com/organization
Dashboard
Organization-wide training snapshot
Completion Rate
76%
Active Users
89 / 124
Avg Score
132 / 160
Avg Challenges / User
14.9
Leaderboard
Top 5 by XP
#1Sarah Chen87 chal12 scn4,280 XP
#2James Park87 chal12 scn3,910 XP
#3Emma Wilson87 chal12 scn3,650 XP
#4Alex Kumar87 chal12 scn3,420 XP
#5Maria Santos87 chal12 scn3,100 XP
Next steps:Head to the Quick Start Guide to set up your organization and add your first users.

How the Two Modes Complement Each Other

Practice and Learn are not the same exercise in two formats. Practice Mode targets code-level pattern recognition: given a few lines of code, can you spot the unsafe primitive and pick the safe replacement. It is fast, repeatable, and best for building muscle memory across a wide surface of vulnerability types. A developer who has seen forty SQL injection variants in Python and TypeScript will catch the next one in a real pull request without thinking. See Practice Mode for the two-phase flow.

Learn Mode covers what Practice cannot. A code review challenge shows you a snippet, but real vulnerabilities live in the gap between two files, two services, or two layers of trust. Learn scenarios put you in front of a simulated application and walk you through the attacker's path: discovery, exploitation, impact, prevention. That context is what turns a checklist mitigation into a design instinct. Use Practice for breadth, Learn for depth. New hires usually start with one Learn scenario per category before grinding Practice in that category. See Learn Mode for scenario structure.

Why the Platform Is Structured Around Vulnerability Classes

The catalog is organized by OWASP category and vulnerability type, not by programming language. That is deliberate. Vulnerabilities are language-agnostic ideas: SQL injection is a question of how user input reaches a query plan, whether the query lives in Python, Java, or Go. A platform organized by language ends up siloing knowledge. A Python developer learning XSS in their language never sees that the same primitive appears in Vue, Angular, and React with different escaping rules. Organizing by class avoids that gap.

The stack preference system handles the language-specific surface area underneath. You pick your stack once via Stack Preferences, and every challenge defaults to a syntax you read fluently. Underneath, the same vulnerability class is taught with the same conceptual frame across all supported stacks. When you later move teams or learn a new language, the concepts transfer immediately because they were never tied to one syntax in the first place.