Mapping Vulnerabilities to Security Training: Our Open API's Innovative Approach

We’re excited to announce the launch of the SecureFlag Knowledge Base Third-Party Integration! Our team recently published a new public API for third-party vendors to seamlessly integrate with SecureFlag content and labs, delivering just-in-time security training to their customers.


At SecureFlag, our mission is to close the gap between developers and security professionals, knowing full well how disruptive it is to be torn away from a time-sensitive task only to spend endless hours diving down security rabbit holes.

Well, no more Alice entangled in the Wonderland of the interwebs! Our integration enables software applications to consume SecureFlag’s Security Knowledge Base. The SecureFlag Knowledge Base Open API is publicly available, allowing developers and other organisations to build applications that can benefit from integrating with SecureFlag’s hands-on Labs and other resources.

SecureFlag API

By integrating with the SecureFlag API, a security tool that finds a vulnerability can immediately give the Developer information on how to fix it, alongside an example lab in which the Developer can practice before performing the remediation. Since all the information on how to fix the vulnerability is available to the Developer, this greatly reduces the time it takes to remediate a security exposure.

Let’s explore the types of services that can integrate with SecureFlag, and provide guidance on how to integrate our API into various systems.

Which products can integrate with SecureFlag?

The SecureFlag Knowledge Base Open API is designed to work with a wide range of products, including but not limited to:

  • Vulnerability and Risk Management Tools.
  • Bugs and Vulnerability Tracking Software.
  • Penetration Testing Reporting Tools.
  • Static Application Security Testing (SAST) tools.
  • Dynamic Application Security Testing (DAST) tools.
  • Vulnerability Assessment Tools.
  • Cloud Security Posture Management Tools (CSPM).
  • Application Security Orchestration and Correlation (ASOC) platforms.
  • Vulnerable Dependency Scanning Tools.
  • Attack Surface Management Tools.

How to integrate

Whichever tool you administer, add the capability to fetch our up-to-date JSON and process it to map vulnerability information to contextual SecureFlag vulnerability references and hands-on labs.

Start by fetching the data from our SecureFlag Knowledge Base Open API by querying the following URL.

https://knowledge-base.secureflag.com/_vulnerabilities/labs.json

The JSON has a list of objects similar to this.

JSON Objects List

You can go through the list of objects to find the right SecureFlag resources based on your inputs, which can be one or more of the following fields:

  • Vulnerability: The name or type of the vulnerability being mapped.
  • Category: An additional category or classification of the vulnerability.
  • Technology: The technology involved in the vulnerability, or “Agnostic” if none.
  • CWE: A list of Common Weakness Enumeration (CWE) identifiers associated with the vulnerability.

Once you’ve found the correct entry, you can extract the SecureFlag resource’s URLs and other useful information:

  • html_url: A URL that links to an HTML description of the vulnerability.
  • markdown_url: A URL that links to a Markdown description of the vulnerability.
  • labs: A selection of labs that represent hands-on labs associated with the vulnerability, each containing the lab’s title and URL.
  • ASVS: A list containing the Application Security Verification Standard (ASVS) identifiers associated with the vulnerability.

Based on this JSON, you can map your input data and retrieve related URLs for the written vulnerability reference from our knowledge-base website, as well as URLs to immediately run hands-on labs associated with the input vulnerability.
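The lookup described above, as an added example (not SecureFlag's own code): it maps a finding's CWE and technology to a knowledge-base entry and drops any link that is not HTTPS on a secureflag.com host before the tool displays it. The lower-case key names, the sample records and the host allowlist are assumptions to check against the live feed.

```python
import json
import re
from urllib.parse import urlparse
from urllib.request import urlopen

FEED_URL = "https://knowledge-base.secureflag.com/_vulnerabilities/labs.json"

# Constructed sample records: key names, value shapes and URLs are assumptions, not real feed data.
SAMPLE = json.loads("""[
 {"vulnerability": "SQL Injection", "technology": "Agnostic", "cwe": ["CWE-89"],
  "html_url": "https://knowledge-base.secureflag.com/example/sqli.html",
  "labs": [{"title": "Example lab", "url": "https://www.secureflag.com/example-lab"}]},
 {"vulnerability": "SQL Injection", "technology": "Java", "cwe": ["CWE-89"],
  "html_url": "https://knowledge-base.secureflag.com/example/sqli_java.html",
  "labs": [{"title": "Off-site lab", "url": "http://labs.example.net/lab"}]}
]""")

def fetch_entries(url=FEED_URL, timeout=10):
    with urlopen(url, timeout=timeout) as resp:  # fetch on a schedule and cache the result
        return json.load(resp)

def cwe_id(value):
    """Normalise 'CWE-89', 'cwe-089', '89' or 89 to the integer 89 (None if unparseable)."""
    m = re.fullmatch(r"(?i)\s*(?:CWE-)?(\d+)\s*", str(value))
    return int(m.group(1)) if m else None

def trusted(url):
    """Accept only https links on secureflag.com hosts (allowlist is an assumption)."""
    p = urlparse(str(url))
    host = p.hostname or ""
    return p.scheme == "https" and (host == "secureflag.com" or host.endswith(".secureflag.com"))

def lookup(entries, cwe, technology=None):
    """Return the entry for this CWE, preferring the finding's technology over 'Agnostic'."""
    wanted, best = cwe_id(cwe), None
    for raw in entries:
        e = {k.lower(): v for k, v in raw.items()}  # tolerate differently-cased keys
        if wanted is None or wanted not in {cwe_id(c) for c in e.get("cwe") or []}:
            continue
        tech = str(e.get("technology", "")).lower()
        if technology and tech == technology.lower():
            best = e
            break
        if tech == "agnostic" and best is None:
            best = e
    if best is not None:  # the feed is third-party data: filter links before they reach the UI
        best["labs"] = [lab for lab in best.get("labs") or [] if trusted(lab.get("url"))]
        best["html_url"] = best.get("html_url") if trusted(best.get("html_url")) else None
    return best
```

In production, pass `fetch_entries()` to `lookup` in place of `SAMPLE`.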

Other ready-to-use integrations

In addition to our open API, we’ve also developed ready-to-use integrations with popular platforms such as Jira, GitHub, GitLab, Azure Boards, Slack, and SonarQube. By leveraging these integrations, you can further streamline your security training processes and make it even easier for your team to access SecureFlag’s resources.


The SecureFlag Knowledge Base Open API is a powerful tool that enables third-party vendors to access and integrate with our content and labs, providing tailored security training for Developers, DevOps, Cloud, and QA engineers. By using our API, you can enhance your security offerings and help your users build the skills necessary to create secure software.

Get started today by visiting our website or contacting our team for a full walkthrough of the possible integrations!
