Skip to main content

Security Labs quickstart

This quickstart steps you through setting up Security Labs using a free trial or a Security Labs subscription. Veracode Security Labs provides interactive training labs that give developers practical security knowledge.

To set up Security Labs, complete the following tasks:

  • Access Security Labs.
  • Create an introductory campaign.
  • Add users to your account.
  • Create a security training campaign.

Access Security Labs

There are three ways to access Security Labs:

  • Through the Veracode Platform
  • Through a standalone Security Labs account
  • Through a free trial

Access Security Labs from the Veracode Platform

If your Security Labs access is tied to your Veracode account, access Security Labs from the Veracode Platform.

Before You Begin:

  • To access the Veracode Platform, you must have a Veracode human user account.
  • To access Security Labs, your account must have a Security Labs subscription.
  • To create Security Labs campaigns and add users, you must have the Administrator role.
  1. Sign in to the Veracode Platform domain for your region using one of the following methods:

    • If you have a new Veracode account, you received a welcome email that provides a link for activating your account in the Veracode Platform. If you did not receive the welcome email, contact your Veracode Administrator.
    • If you have an active Veracode account, you can sign in to the Veracode Platform using the domain for your region. If your organization uses a Single Sign-On (SSO) portal such as Okta, you can also access the Veracode Platform with SSO.
  2. Select Security Training > Security Labs.

Access Security Labs with a standalone account

Security Labs is available at securitylabs.veracode.com. In this example, you are logging in to a new standalone account for the first time.

This quickstart uses email and password authentication. You can also access Security Labs with SSO.

Before You Begin:

  • You have a standalone Security Labs account.
  • You have the administrator role.
  1. Select the activation link in the email you receive from Veracode.
  2. Enter a password for your account.
  3. Select Log in with Email.

Start a Security Labs free trial

Veracode offers a 14-day free trial of Security Labs. It does not require a Veracode account.

  1. Sign up for a free trial.
  2. Select the activation link in the email you receive from Veracode.
  3. Enter a password for your account.
  4. Select Log in with Email.

Create a campaign

Security Labs content is organized into campaigns. You can use predefined campaigns, or you can create your own. You should create at least one campaign before adding any users.

In this example, you create a campaign of lessons that introduce developers to the Security Labs interface.

  1. In Security Labs, from the top-right corner of the page, select your username.

  2. Select Assign Content.

  3. Select Create New Campaign.

  4. Enter a name. For example, Introduction to Security Labs.

    seclabs_intro_campaign

  5. Select the Developers role.

  6. Select Manually so you can select specific lessons to assign.

  7. Select Create.

  8. In the Current campaigns box, select Add an assignment.

    Each campaign consists of one or more assignments that contain specific lessons with start and due dates.

  9. Enter an assignment title. For example, Getting Started Lesson.

  10. Set the Start date to the current date.

  11. Optionally, set the due date.

  12. To email users when the assignment begins, select Notify users by email when this assignment starts.

  13. Select Update assigned content.

  14. To provide users with a language-agnostic lesson that introduces the Security Labs interface, search for Lesson Zero.

    seclabs_assign_content

  15. Select Assign lab for one or more languages.

  16. Select Add content.

  17. Select Update without sending.

  18. Select Save changes.

Add users to your account

To quickly provide users access to Security Labs and to assign them training content, add users to your account. You can add users manually or in bulk.

If you access Security Labs through a Veracode account, follow these instructions for adding users.

Veracode recommends that you create at least one campaign before adding users so that the users have access to assigned Security Labs content when they activate their accounts.

  1. In Security Labs, from the top-right corner of the page, select your username.

  2. Select All Users.

  3. Select Add user manually.

  4. To add users manually, enter their name, email, and role. For this example, all users have the developer role. To add multiple users at once, see the detailed instructions for bulk uploads.

  5. Select Send invitation emails.

  6. Select Add users.

    Each user receives an email to activate their account. The new users are already assigned to the Introduction to Security Labs campaign you created in Create a Campaign.

Create an OWASP top 10 campaign for developers

To help your users learn about application security, create a campaign that includes multiple lessons for them to complete. In this example, create a campaign with lessons to learn about OWASP Top 10 vulnerabilities.

  1. In Security Labs, from the top-right corner of the page, select your username.

  2. Select Assign Content.

  3. Select Create New Campaign.

  4. Enter an assignment name. For example, OWASP Top 10.

  5. Select the Developers role.

  6. To assign content from a predefined campaign, select Automatically.

  7. Select Next.

  8. Select the languages you want to assign.

    seclabs_select_languages

  9. Select the type of schedule.

  10. Select the focus, which determines the specific labs to include in the campaign. For this example, select Beginner (Introduction to the terminal and basic OWASP 10).

  11. Select Next.

  12. Set the Start date to the current date.

  13. Leave the switches set to the default values.

  14. Select Create.

    Security Labs creates the campaign, assigns the users to the lessons in the campaign, and sends users email notification about these assignments. Users can see the new campaign on their Security Labs dashboard.

Next steps