Introducing CodeChum

Launched just two years ago, CodeChum has made significant strides in bridging the gap between academia and tech industry. With partnerships across 70 schools and a growing user base of 15,000 students, CodeChum connects learners with both local and international companies, empowering students to transition from education to employment. As their platform expanded, so did their need for robust cybersecurity to protect sensitive student and institutional data. They recognized that securing their platform was paramount in maintaining trust with their users, schools, and corporate partners.

CodeChum’s increasing responsibility to safeguard sensitive personal information, student performance metrics, and other confidential data brought them to a critical juncture: securing their platform was no longer optional—it was essential.

The Intersection of Education and Cybersecurity

In recent years, the education sector has faced a sharp rise in malware and ransomware attacks globally. According to SonicWall’s 2023 Cyber Threat Report, malware attacks in the education sector surged by 157% in 2022. Similarly, Malwarebytes’ 2024 report labeled 2023 as the “worst year on record” for ransomware in education, with a staggering 70% increase in such attacks.

While digitalization in the education sector remains important and continues to rise amidst these cyber threats, it has become equally essential for Educational Technology (EdTech) platforms like CodeChum to pay important attention to cybersecurity.  As these platforms handle sensitive information, including students’ personal details and performance records, it is crucial to protect these data to preserve user trust and credibility while continuously providing innovative solutions to improve their users’ learning experiences.

By partnering with Secuna, CodeChum has reinforced its commitment to safeguarding the personal information and performance metrics of thousands of students, ensuring that their platform remains secure and trustworthy in an increasingly vulnerable digital world.

CODE to Cybersecurity Commitment

CodeChum’s dedication to cybersecurity and preserving the trust of their clients are reflected in the code of their core principles:

Credibility: CodeChum ensures that their platform remains a trusted resource by implementing rigorous security measures. Their focus on maintaining credibility strengthens relationships with partners and users, proving their commitment to data protection.

Heightened Trust: By partnering with Secuna, CodeChum was able to deliver a Certificate of Cybersecurity Compliance along with other relevant documents to their partners, providing a formal assurance that the platform has been thoroughly tested and secured by a reputable cybersecurity company.

User Protection: Securing their users’ sensitive information is an important priority for CodeChum. By finding and reducing vulnerabilities in their assets, they lessen the risk of exposing their users to data breaches, securing their long-term success and the integrity of their platform.

Mitigating Risks: CodeChum’s approach to cybersecurity is strategic, ensuring that security is not an afterthought but a critical business value, protecting both their platform and their community.

Why Secuna?

Selecting the right cybersecurity partner is pivotal to a platform's security. For CodeChum, this decision was crucial, driven by the urgent need for robust protection and rapid response.

From the outset, CodeChum needed a cybersecurity partner that could deliver quick results while providing extensive asset protection. With their growing user base and sensitive student data, it is imperative to mitigate risks as quickly as possible. Time was of the essence, and the security of their platform was paramount to maintaining their partnerships and user trust.

Secuna quickly stood out as the top choice for several compelling reasons. As the first cybersecurity company recognized by the Department of Information and Communications Technology (DICT) to reach out, Secuna immediately demonstrated its credibility as a proactive and reliable partner in securing organizations. Additionally, Secuna’s deliverables—including a Certificate of Cybersecurity Compliance and a comprehensive, well-documented pentest report—offered significant value to CodeChum, providing the tangible proof of platform security needed to reassure both their partners and users.

The Engagement

The collaboration between CodeChum and Secuna was marked by an efficient and thorough approach to identifying and addressing security vulnerabilities. Here’s a detailed look into the engagement:

  • The penetration testing for CodeChum’s programming education platform was done based on frameworks like OWASP WSTG, the Top 10 Web Application Vulnerabilities, and the Top 10 API Weaknesses.
  • Secuna’s own methodologies for penetration testing were also applied to CodeChum’s platform.
  • Detailed reports were provided in real-time in the Secuna platform, allowing CodeChum to immediately address high-priority items even while the testing was still ongoing.
  • Secuna provided unlimited retesting to properly verify the effectiveness of the fixes applied by CodeChum on the discovered vulnerabilities.
  • Secuna and CodeChum maintained agile and highly collaborative communication between teams through the Secuna Platform, making remediation and verification of fixes highly efficient.

And these actions yielded the following outcomes:

  • The Secuna team submitted the first detailed report within the first 5 hours of the engagement, with reports consistently delivered promptly.
  • Among the identified vulnerabilities, two (2) were rated with Critical severity by the Secuna team, one of which had the highest possible severity score on the CVSS.
  • The two (2) critical issues were reopened multiple times during the retesting phase, highlighting Secuna’s meticulous fix verification process and CodeChum’s eagerness and diligence in implementing robust fixes for these key vulnerabilities.
  • The CodeChum team fixed a total of five (5) vulnerabilities identified by the Secuna team.
  • The CodeChum team demonstrated impressive efficiency by resolving the first valid report submission within just 3 days, showcasing their dedication and speed in applying fixes.
  • The CodeChum team showed a commendable average remediation time of 2.6 days.
  • The CodeChum team met their engagement deadline by swiftly addressing and resolving issues, showcasing the effectiveness of Secuna’s real-time reporting and agile pentesting approach through Secuna’s platform.

Moving Forward

By partnering with Secuna, CodeChum was able to significantly bolster the security of their platform. The vulnerabilities identified during the penetration test were promptly resolved, allowing CodeChum to maintain the trust of their students, schools, and corporate partners. Not only did they fix the immediate issues, but the engagement also led to long-term improvements in CodeChum’s development workflow.

According to CodeChum, while their security practices were already in place, the collaboration with Secuna pushed them to adopt more robust measures, such as conducting regular code security reviews and incorporating additional security tools into their development pipeline. Their successful partnership with Secuna has laid the groundwork for a more secure and reliable platform, which they will continue to build upon.

For organizations that prioritize the safety of their clients, CodeChum’s advice is simple:

“Choose Secuna for your VAPT needs. They align with your business goals and consistently go above and beyond to meet deadlines.”

Secuna remains committed to providing top-tier cybersecurity solutions, helping clients like CodeChum secure their platforms, protect their data, and stay ahead of potential threats.

Want to experience it first-hand? Collaborate with us now!