I would like the team to make users like me aware of the new features sooner, so we can get the most from this product. Otherwise, there is no disadvantage.

There are two parts that I think should be improved. Both the web page and the report have the same issue. Both are sometimes messy and very difficult to find information. You need to know where to look and especially where to find information. It can be a bit confusing in both the report and the web page. Quite often, I keep learning new things because some of the information is quite hidden. You need to click this link, then click here, and go here. Then, "Wow," you get so much information that you didn't know existed. Information is a bit hidden and there should be an easier way to access it after a scan is generated.

You should find out all the places where the information can be stored because sometimes you can test and think that you have all the available information, but often there is more. It would be good if there was a good explanation from Veracode about where exactly to find all the information on how to get the best from the system, since it is a very powerful tool and to use it sometimes requires a bit of knowledge.

It would be good if there were more assignment problems in the inventory, as well as more randomness in the coding examples.

At some points, we faced problems because we were not able to complete an assignment. It took a while to understand what was wrong but this is related to the fact that some of the exercises are very difficult in terms of coding. An exercise is only complete when the output exactly matches what is expected. In this regard, I think that the system should be more flexible in terms of what it accepts from the user.

I had some trouble logging on to the Security Labs service. Direct username passwords are not supported. A single sign-on service is required and I was not able to add my external email address. As such, I was not able to add Veracode's assignments directly to my LinkedIn profile. It's a feature that I was not able to take advantage of. However, it did not matter because I was able to add the certifications to my profile manually.

At this point in time, the platform seems to be focused on web-based applications. For additional features, I can see opportunities for other types of technologies, like mobile applications, batch processing, and backend services or message queue processing. I suspect that these additional types of learning would be difficult to provide through a web-based learning environment, but not impossible.

Web application development covers much of the industry, but there are also developers working with these other technologies that could benefit from a learning environment more specific to their technologies.

The only area of this solution that needs improvement is the pricing for startups.

I would have liked to see a bit better auto-completion in the IDE, and there was a typo in one of the questions where the code you were supposed to copy was missing a pair of parentheses. I'm sure the typo messed up a lot of people. 

The database portion of it where it's loading and analyzing. That seemed to be a little more laborious compared to the Java stuff which was easier to use and more streamlined.

Its ability to handle more types of files and making it work better with databasing and other API could be improved. That would be really nice.

Developers frequently complain to me about the user interface and the difficulty in navigating the web site. I too have had some very frustrating moments trying to find things. I do not find the dashboards all that helpful though they are pretty and there seem to be plenty of them. I am running out of critiques to say about Veracode but it seems I must use 500 characters regardless of what I need to say. It seems like an arbitrary requirement. I'm still not at 500 yet. Can I say that this requirement should be cut in half?

The following areas should be improved:

• Veracode Security Labs should cover more than only the OWASP Top 10. 
• A more advanced Veracode Security Labs should be added. 
• More Java-based labs should be added; ideally, all Veracode Security Labs will be available in the Java language.
• Veracode Security Labs should provide better support for code completion and syntax control (when applied eg. Java) when working on the application code.
• Some Veracode Security Labs are too easy to complete, although this is a subjective opinion.

There could be better integration between the API and the pipeline systems. For example, if you do penetration tests and you want to share the results with the DevOp team's pipeline, you cannot do it automatically because the API is not good enough.