Choose the right plan for your developers

Take the first step towards securing your application environment

- For Teams with 5-15 Developers -

Squad

The ultimate package for your
tight-knit squad

Premium Course Access
Full Premium Access

Languages & Frameworks
Full Premium Access

SSO/SAML/AD Integration

API Endpoints

Full Industry Compliant Training

(OWASP TOP 10/HIPPA/PCI DSS/ISO27001/SOC2)

Full Compliance Reporting Capabilities

SCORM Compliant Content

Enterprise Volume Discount

- Starting from 16 Developers -

Brigade

For the brigades who never
stop growing

Languages & Frameworks
Full Premium Access

SSO/SAML/AD Integration

API Endpoints

Full Industry Compliant Training

(OWASP TOP 10/HIPPA/PCI DSS/ISO27001/SOC2)

Full Compliance Reporting Capabilities

SCORM Compliant Content

Enterprise Volume Discount

	- For Teams with 5-15 Developers -	- Starting from 16 Developers -

	Squad	Brigade
	The ultimate package for your tight-knit squad	For the brigades who never stop growing


Premium Course Access	Full Premium Access	Full Premium Access
Languages & Frameworks	Full Premium Access	Full Premium Access
SSO/SAML/AD Integration
API Endpoints
Full Industry Compliant Training (OWASP TOP 10/HIPPA/PCI DSS/ISO27001/SOC2)
Full Compliance Reporting Capabilities
SCORM Compliant Content
Enterprise Volume Discount

Trusted by leading companies around the world

Frequently Asked Questions

Is your training content OWASP Top 10 compliant? Do you support the latest OWASP Top 10 standard?

Yes. OWASP Top 10 is just a high-level standard. We (at Kontra) believe that developer security education is not limited to just OWASP Top 10 risks and that there are other security topics developers should be aware of, therefore we go beyond what OWASP Top 10 mandates that developers should be educated on and include other additional content.

Is there progressive learning - easy, medium, or hard for all modules?

This categorization of difficulty levels (easy, medium, and hard) is not applicable to developer security education.

For example, a SQL Injection vulnerability cannot be categorized as easy, medium, or hard since the vulnerability is a high-risk issue, and therefore regardless of a developer's experience and seniority, every software developer in an organization must know what this issue means and how it impacts the security of your application.

However, we do categorize courses by roles and job functions. See the next question.

What developer roles are covered? Please provide a list if available.

Kontra offers training for the following:

Frontend Developers: These are developers who focus on UI/UX development
Backend Developers: These are developers who focus on developing the backend business
logic and functionality of the platform.
Database Developers: These are developers who focus on developing the backend business
logic and functionality of the platform.

Does Kontra offer training to non-developer roles beyond software developers such as Quality Assurance teams and system architects?

Yes. A large number of Kontra’s customers use our training to educate Quality Assurance teams on developing attack test cases and security use/misuse cases.

Our content is further used by system architects to educate them on the common attack surfaces present during the design stage of an application.

What languages are covered? (Python, Java, etc.) Please provide a list if available.

Kontra covers all leading programming languages and frameworks such as:

Java
.NET
Ruby on Rails
Python(Django)
Python(Flask)
Scala
Kotlin
Node.js
GO
PHP
Angular
React
Vue.js

Do all languages and roles have the same/equal amount of content available?

Yes, all languages contain a similar number of exercises and vulnerability scenarios.

What kind of statistics does the platform provide to the administrator?

Kontra captures the following statistics for every learner on our LMS:

Course Start Database
Total Time Spent
Total Progress in %
Last Login Time
Total Time spent on every course
Total Time spent on primary course
Total Time spent on every exercise
Number of times an exercise was attempted
Certificate of Completion(PDF)

Does Kontra offer an administrative dashboard that allows learning administrators to manage and track users?

Yes, Kontra’s Cloud LMS (Learning Management System) offers a detailed dashboard to manage learning outcomes, assign courses, track users, send reminders, download and publish certificates of completion, and APIs to download data programmatically.

Does Kontra’s Learning Management System offer creating Teams and Roles?

Yes. We offer the creation of Teams/Groups and Roles to facilitate easier management of users.

Does all content also contain hands-on labs? If not, what content does not?

Since Kontra is not a video education platform, every exercise is offered as a hands-on interactive lab where developers must interact with the lab on every step.

Do the labs require the developer to complete the task successfully before moving forward?

Yes. Unlike video training where learners can skip parts of the video, all Kontra labs are hands-on interactive modules that must be followed step-by-step and cannot be jumped or skipped.

Does the platform send email reminders to developers for new training?

Yes. Kontra offers a reminders feature that allows administrators to send reminders to:

Single Users
Multiple Users
Send reminders based on % of completion i.e. Send reminders to all users that have only completed 20% of their primary course etc.

How often is the content updated?

Kontra adds new modules and courses every quarter. These updates could be:

Improvements in the existing content library
New courses on topics
New exercies for existing courses

However, unlike our competitors we are not aiming to stuff our platform with repetitive content, a practice known as “content stuffing” - Developers can sense and pick this up very quickly and will not engage with the training if the content is simply updated for the sake of it.

How often is completely new content and exercises added?

A minimum of two courses are added annually.

Is old content refreshed or have new variations added?

Yes, all content is QA’d and updated based on evolving improvements of a programming language.

Do your training courses meet any common accreditations or compliance requirements like NIST? PCI? Please provide a list if available.

Our customers use Kontra to meet their compliance obligations for a number of compliance standards including:

PCI (Payment Card Industry) compliance requirements.
HIPAA
SOC2
ISO27001

Does Kontra’s Learning Platform offer an API (Application Programming Interface)

Yes. Kontra’s LMS API can be used by a customer to download all the learning and progress data for every learner programmatically and use this information in internal dashboards or reporting tools.

Does Kontra offer integration with third-party Learning Management Systems (LMS)?

Yes. Kontra is the only company to offer interactive educational content for developer security training as SCORM packages that allows loading and running our content on third-party LMSs.

What third-party Learning Management Systems do you support?

Any learning management system that supports the SCORM 1.2 or SCORM 2004 standard will automatically run Kontra content out of the box.

Some leading learning management systems that Kontra customers use today:

Workday
Articulate Rise
Docebo
CornerStone
Lessonly
SkillSoft
Saba
SAP SuccessFactors
Moodle

Does Kontra offer Integration with a Single Sign-On provider?

Yes. Kontra supports SAML 2.0, and is compliant with the following SSO providers including but not limited to:

Okta
Google Apps
Ping Indentity
Azure AD
Microsoft AD
SailPoint
OneLogin
Auth0

Ready to get started?

Experience the full Kontra platform
and see what it can do for you and your team.