Docs/Getting Started/Platform Overview

Platform Overview

SecureCodingHub is an interactive secure coding training platform that teaches developers to identify and fix security vulnerabilities through hands-on practice. It covers 185+ vulnerability types across OWASP Web, API, Mobile, and Client-Side Top 10 categories.

What is SecureCodingHub?

SecureCodingHub provides two training modes designed to build real-world secure coding skills:

Practice Mode

Code review challenges where developers find vulnerable code blocks and select the correct fix. Available in 7 backend languages, 3 frontend frameworks, and 2 mobile platforms.

Learn Mode

Interactive step-by-step attack scenarios with a simulated browser environment. Developers walk through real-world attack chains to understand how vulnerabilities are exploited.

Supported OWASP Categories

Training content is organized across four major OWASP security standards:

CategoryTopicsDescription
Web Top 1010 modules, 50+ topicsSQL Injection, XSS, CSRF, Broken Access Control, and more
API Top 1010 modules, 40+ topicsBOLA, Broken Authentication, Mass Assignment, SSRF, and more
Mobile Top 1010 modules, 30+ topicsInsecure Storage, WebView Injection, Certificate Pinning, and more
Client-Side Top 1010 modules, 40+ topicsDOM XSS, Prototype Pollution, Local Storage Secrets, and more

Supported Languages & Frameworks

Backend Languages

JavaScript
TypeScript
Python
Java
C#
PHP
Go

Frontend Frameworks

React (TS)
React (JS)
Vue (TS)
Vue (JS)
Angular (TS)
Angular (JS)

Mobile Platforms

Swift (iOS)
Kotlin (Android)

User Roles

SecureCodingHub has three user roles with different access levels:

RoleAccess
Platform AdminFull access to all organizations. Can create organizations, manage SSO/SCIM configuration, and control platform-wide settings.
Org AdminManages their organization's users, teams, and assignments. Has access to the admin dashboard with analytics and progress tracking.
LearnerCompletes practice challenges and learn scenarios. Tracks personal progress and earns XP.

Dashboard at a Glance

Here's what the admin dashboard looks like when you first log in:

app.securecodinghub.com/dashboard
Total Users
124
Active (30d)
89
Challenges Done
1,847
Avg Score
78%
Leaderboard
#1Sarah Chen4,280 XP
#2James Park3,910 XP
#3Emma Wilson3,650 XP
#4Alex Kumar3,420 XP
#5Maria Santos3,100 XP
Next steps: Head to the Quick Start Guide to set up your organization and add your first users.

How the Two Modes Complement Each Other

Practice and Learn are not the same exercise in two formats. Practice Mode targets code-level pattern recognition: given a few lines of code, can you spot the unsafe primitive and pick the safe replacement. It is fast, repeatable, and best for building muscle memory across a wide surface of vulnerability types. A developer who has seen forty SQL injection variants in Python and TypeScript will catch the next one in a real pull request without thinking. See Practice Mode for the two-phase flow.

Learn Mode covers what Practice cannot. A code review challenge shows you a snippet, but real vulnerabilities live in the gap between two files, two services, or two layers of trust. Learn scenarios put you in front of a simulated application and walk you through the attacker's path: discovery, exploitation, impact, prevention. That context is what turns a checklist mitigation into a design instinct. Use Practice for breadth, Learn for depth. New hires usually start with one Learn scenario per category before grinding Practice in that category. See Learn Mode for scenario structure.

Why the Platform Is Structured Around Vulnerability Classes

The catalog is organized by OWASP category and vulnerability type, not by programming language. That is deliberate. Vulnerabilities are language-agnostic ideas: SQL injection is a question of how user input reaches a query plan, whether the query lives in Python, Java, or Go. A platform organized by language ends up siloing knowledge. A Python developer learning XSS in their language never sees that the same primitive appears in Vue, Angular, and React with different escaping rules. Organizing by class avoids that gap.

The stack preference system handles the language-specific surface area underneath. You pick your stack once via Stack Preferences, and every challenge defaults to a syntax you read fluently. Underneath, the same vulnerability class is taught with the same conceptual frame across all supported stacks. When you later move teams or learn a new language, the concepts transfer immediately because they were never tied to one syntax in the first place.