May 6, 2025

End the 'Speed vs. Security' Battle with AppSec Range Exercises

Announcing a market-first Immersive One capability that embeds secure development practice into a hyper-realistic, hands-on workflow for DevSecOps teams.

Contributors

Rebecca Schimmoeller

Lead Product Marketing Manager

Immersive

Heads of Application Security (AppSec) are caught in a constant battle: accelerate development velocity or ensure code is secure. You're alarmed by the high rate of vulnerabilities, but integrating security into the developer workflow is a daily struggle. Traditional training fails. It pulls developers out of their flow, feels theoretical, and doesn't build the practical skills needed to fix real-world flaws, making it impossible to assess or improve your team's true skill level.

Introducing AppSec Range Exercises—Now Live!

We are excited to introduce AppSec Range Exercises, a new capability now available to Immersive AppSec and Immersive One platform customers. From today, this live, collaborative simulation equips your developers, engineers, and security teams to work together to identify, triage, and fix application vulnerabilities in real-time.

This new capability complements our existing library of Immersive AppSec hands-on labs, creating a unified solution to prove and improve your DevSecOps teams’ cyber readiness.

Why It Matters: From "Battle" to "Business as Usual"

A staggering 67% of developers knowingly release vulnerable code, not because they don't care, but because traditional training doesn't stick and there was no other path forward. This new capability helps leaders:

Prove developer-led security readiness to leadership with evidence from realistic, high-pressure scenarios.
Improve developer security skills with practical, hands-on experience, not abstract theory.
Benchmark team performance with detailed insights on fix accuracy, completion rates, and common failure points.
Drive developer engagement, not friction: Embed security into existing workflows. The competitive aspect AppSec Range Exercises delivers "makes you feel invested," says Immersive Lead AppSec Engineer Barnaby Stewart, fostering teamwork and practical skill-building.

How It Works: A Live-Fire Exercise

During the simulation, your team logs into "Blossom," a fictional HR application with a ticket board full of known vulnerabilities.

Engineers jump in just like a real sprint: they assign and pair-program on tickets, write patches, and merge code using Git workflows. A single click in the verification console spins up automated tests on a live server, returning instant feedback. If a test fails, the team must collaborate to find the bug, adjust their code, and push the fix again, all while under pressure.

The interactivity is what makes it stick. As Immersive Data Engineer Katie Carr-Ferguson describes, “You divvy up tickets, pair-program, review PRs—it’s exactly what we do day-to-day.” This approach covers the full software development lifecycle, building critical muscle memory and fostering real teamwork.

From Security Skeptics to Security Champions

Developers knowingly releasing vulnerable code undermines organizational resilience. Your AppSec team might preach "shift left," but developers often see security as a blocker to delivery, not a quality control that improves speed.

The Immersive One platform bridged this gap. It's the one place where you can prove and improve job-relevant skills, giving you the power to transform organizational weaknesses into measurable growth opportunities.

Our new AppSec Range Exercises capability—designed by engineers, for engineers—dramatically accelerates this value. It eliminates the "training vs. doing" barrier, giving you the flexibility and control to transform any developer's mindset from "security skeptic" to "security champion"—all within a familiar workflow. As Immersive Senior Front-end Developer Joe Berkem said, it’s a “brilliant exercise—feels like working on a product, not a lab, and really fosters teamwork.”

It’s time to stop hoping your developers care about security and start proving they have the skills to build it.

Next Steps

Already Using Immersive AppSec? Contact your Customer Success Manager to add AppSec Range Exercises or see our full catalogue of AppSec Range Exercise scenarios available in our Help Center.

Exploring Immersive for the first time? Discover how Immersive One turns security from a blocker into a developer-led practice. Book a demo.

Trusted by top
companies worldwide

customer insights

"The speed at which Immersive produces technical content is hugely impressive, and this turnaround has helped get our teams ahead of the curve, giving them hands-on experience with serious vulnerabilities, in a secure environment, as soon as they emerge."

TJ Campana

Head of Global Cybersecurity Operations, HSBC

"Realistic simulation of current threats is the only way to test and improve response readiness, and to ensure that the impact of a real attack is minimized. Immersive’s innovative platform, combined with Kroll’s extensive experience, provides the closest thing to replication of a real incident — all within a safe virtual environment."

Paul Jackson

Regional Managing Director, APAC Cyber Risk, Kroll

"Exploring cybersecurity can feel like a huge challenge with so many skills to master, but Immersive has made the journey so much easier for me over the past five years. This practical, interactive approach hasn’t just improved my technical abilities—it’s given me a real sense of confidence. I truly recommend Immersive!"

Paul Blance

Specsavers

"I recently got the chance to try out Immersive, and it was an enlightening experience! The gamified learning made absorbing new information quite enjoyable. The community is welcoming, adding to the overall positive atmosphere. It would be fantastic to see more active users, which could enhance collaboration and discussions. Overall, a solid platform!"

Atakan Bal

Mercedes Benz