December 31st, 2023
Re-recorded Lessons
Our content team finished out the year strong by releasing 23 refreshed & re-recorded video lessons:
Threat Modeling Process
Threat Modeling Examples
Server-side Request Forgery (SSRF)
Dynamic Application Security Testing
Six Foundational Truths of Application Security
Privacy Threat Modeling
Privacy Threat Modeling Process
Cross-Site Scripting (XSS) | Part 1
Cross-Site Scripting (XSS) | Part 2
AppSec in DevOps World
Insecure Communication
Next Gen AppSec Tools
Penetration Testing and Bug Bounty
Security Requirements
Vulnerability Scanning
AppSec in an Agile World | Part 1
AppSec in an Agile World | Part 2
Secure Design Principles | Part 1
Secure Design Principles | Part 2
Cryptography
Language Typing
Output Encoding
Cross-site Request Forgery (CSRF)
December 8th, 2023
Updated OWASP API Top Ten & Break/Fix UI Changes
Our team has been busy and we are ending the year with a flurry of big updates and changes!
Updated OWASP API Top Ten (2023) is here
It includes:
Updated and new video lessons:
OWASP API Top Ten Part 1
OWASP API Top Ten Part 2
OWASP API Top Ten Part 3
Fundamentals of gRPC Security
Fundamentals of GraphQL Security
Updated and new Break/Fix lessons:
Broken Object Level Authorization
Broken Authentication
Broken Object Property Level Authorization
Unrestricted Resource Consumption
Broken Function Level Authorization
Unrestricted Access to Sensitive Business Flows
Security Misconfiguration
Improper Inventory Management
Unsafe Consumption of APIs
Break/Fix UI Revamp
We've refreshed the Break/Fix lesson UI to more closely align with our video lesson format. Learners can now make the sandbox full screen, view the instructions only, or view both side by side.
Additionally, we now include a product walkthrough on all our Break/Fix lessons if learners are unsure how to navigate them!
November 27th, 2023
New Break/Fix Filtering
We've made it easier to find content by adding an additional filter to our Break/Fix lessons. You can now search for content with or without coding tests:
November 12th, 2023
Updated Lessons
Our Content team has been busy and just re-recorded 19 of our Intermediate (Yellow Belt) lessons. For the full list, check out this article.
October 23rd, 2023
New Content Alert
Our Content Team rolled out a ton of new content this week!
First, we have 6 new lessons about Privacy by Design. This content was added to our Advanced Privacy Engineer Path. They are:
PBD Seven Foundational Principles
PBD Requirements
PBD Privacy Engineering
PBD Risk Management
Mobile Privacy by Design
PBD Privacy Redesign
We also rolled out a dedicated AI/LLM Path and 5 new AI/LLM lessons. We've added:
Introduction to AI/LLM Security
Data Science Engineering for AI/LLM
Model Engineering for AI/LLM
Application and Plugin Security for AI/LLM
AI/LLM Security Toolchain
October 6th, 2023
New Paths & Content Improvements
We are thrilled to announce two new Advanced Paths that cover COBOL and Clojure!
Additionally, we continue to expand our language support and you can now use C++ and Kotlin when completing our Credential Reuse lessons.
You can now choose C++ when completing Encoding, Hashing, and Encryption, too.
September 29th, 2023
Content Improvements
We continue to expand our language support and you can now use C++ when completing:
Persistent Cookies (Credential ReUse)
Device Fingerprinting (Credential ReUse)
We've also added Perl & PHP as language options when completing:
Information Exposure through Query String Parameters
September 12th, 2023
Role Based Training Paths
Big changes over here! We've introduced new default paths that we now call Recommended. They contain fewer lessons, are more focused, and are organized by developer role so that they are more time efficient and relevant to each learner!
To take advantage of the new paths you must activate them. You can follow our instructions here or contact your Customer Success Manager at customersuccess@securityjourney.com.
September 9th, 2023
New Content Alert
We've released a new Break/Fix lesson this week!
Information Exposure through Query String Parameters: Lesson showcasing information exposure through query string parameters.
August 7th, 2023
New Feature
Exciting news! We now support the Google Translate extension for Chrome browsers. When enabled, you will see a "Translate Page" toolbar at the bottom of the webpage where you can select the language you want to see.
The extension can translate all page content, experiments and video summaries. Break/Fix Lessons are not supported at this time.
August 3rd, 2023
Content Improvements
We continue to expand our language support and you can now use C++ when completing these Break/Fix Cryptography lessons:
Encryption
Encoding
Hashing
August 1st, 2023
New Content Alert
We've just released new Break/Fix Content that covers Credential Reuse! These four lessons will teach you techniques for preventing credential reuse and credential stuffing attacks:
Multi-Factor Authentication
Persistent Cookies
Device Fingerprinting
Account Lockout
CAPTCHA
July 23rd, 2023
Platform Improvements
We have a few changes to announce this week!
We've updated the "Lesson Rankings" Report to "Learning Swing" Report.
We also pushed out some improvements to our Tournament Feature after our big release last week:
We added pagination to the Leaderboard page
"Rules" were updated to "Tournament Summary"
Non-required fields (like "Prizes") will not display in the active Tournament summary UI
"Joined Tournament" button will now read "Resume" when a learner is actively in a Tournament
July 13th, 2023
Tournament Update
We are proud to announce that our Tournaments feature has gotten a much-needed overhaul! Tournaments can be created for your entire SDLC - developers and non-developers alike.
Lessons and assignments can now be auto-generated or selected manually
Customizable pre-written tournament notifications enable you to easily communicate with participants
We now include a duration estimate during setup so you know how quickly a tournament can be completed
Enhanced scoring includes attempts, hints, success and coding accuracy all driving points achieved
To learn more, check out our help desk article about Tournaments.
July 6th, 2023
New Features & Platform Improvements
It was a big release week here at Security Journey! We've rolled out a few new features that many of you have been asking for:
We've added the ability for learners who don't have a first or last name populated in their User Profiles to manually add their name to their Platform Certificates!
We've given admins the ability to disable all non-critical platform emails to their learners. This includes: weekly status emails, inactivity emails and unread bell notification emails. We also removed the opt-out settings from the User Profile.
We introduced a new Advanced/Green Belt path: Google Cloud Platform Security. In this course, we will examine some general security tips for the Google Cloud Platform. Identify how to best harden storage and manage our secrets. Additionally, we will touch on how to leverage GCP security tools and secure the Google Kubernetes Engine. This path is 20 video lessons.
June 27th, 2023
Translation Support
The Security Journey Platform now supports the Google Translate Chrome Extension for all learner and admin pages as well as video lesson transcripts. Note: At this time, the Break/Fix content is not supported.
June 19th, 2023
Platform Improvements
We've rolled out a new feature that allows you to generate unique URLs for all learning paths so that you can quickly link to an entire path!
June 6th, 2023
New Metrics
You asked and we listened! We will now be capturing the time a learner has spent taking training at the individual lesson, assignment and path levels.
This metric has been added to the user profile and all admin reports (as a distinct column).
Note: This is NEW data and will not be applied retroactively. All lesson activity moving forward will be incremented and included in the reporting after this feature was rolled out.
June 1st, 2023
SSO Improvements
We've updated the URL login behavior when a learner is not logged into the Security Journey Platform. Previously, if you clicked on a URL and weren't authenticated, it would take you to your auth screen and then back to the main landing page. We've improved this workflow! Now, you will be taken to the original URL destination.
This is the preferred behavior if you are using our lesson URLs in a Learning Management System (LMS).
April 11th, 2023
UI Updates and Improvements
Our team was busy making some changes and improvements to the Security Journey Platform!
Learners are now awarded points for completing HackEDU Break/Fix lessons in the Platform Leaderboard
The "Personal Security Dojo" has been renamed to "Champion Passport" in the Platform More menu and in the Champion Passport UI.
*The icon on the map has not yet been changed.
April 3rd, 2023
New Content
Security Journey just released a new path. It's called Green Belt for Embedded Developers. These 23 lessons can be assigned as part of the default path or lessons can be added to any new or existing custom path.
March 31st, 2023
UI Improvements
Our team wanted to make it easier to identify the different types of content available in our default paths.
We are now organizing paths into three types:
Video: video lessons with assessments & video lessons with experiment content
Progressive: video lessons & break/fix content
Hands-on: break/fix content
March 14th, 2023
Reporting Improvements
We've made our learning swing metrics available in the Lesson Rankings report. This new column shows the knowledge increase percentage by lesson across the organization! To learn more, check out this article.
February 24th, 2023
New Feature
We've added Learning Swing to our new HackEDU Break/Fix content in the my.securityjourney.com Platform! This means that learners can now self-assess and their results will be added to the Lesson Rankings report.
February 1st, 2023
New Paths
We are pleased to announce that two new default paths were added to the my.securityjourney.com Yellow Belt. These new Progressive Learning paths were designed to have both HackEDU Break/Fix and video lessons. The paths are:
PCI DSS Compliance
OWASP Top 10: 2021
These are only available to current my.securityjourney.com customers. If you don't have access to my.securityjourney.com and would like to learn more please contact your Customer Success Manager or email customersuccess@securityjourney.com.
January 31st, 2023
New Content
Security Journey added over 280 HackEDU Hands-on lessons for secure coding training to the AppSec Education Platform found at my.securityjourney.com!
To learn more, check out our latest blog post and NEW Help Desk articles:
If you don't have access to my.securityjourney.com and would like to learn more please contact your Customer Success Manager or email customersuccess@securityjourney.com.
January 26th, 2023
Improvements
We've made some changes to our Full Catalog feature in preparation for HackEDU Break/Fix content being available in my.securityjourney.com. We've added a new filter called "By Lesson Type" so learners and admins can filter content by:
Break/Fix (HackEDU)
Video
Video with Experiments
January 19th, 2023
New Content
This week, our team released three new Default Paths to the Platform:
Green Belt for Azure
Green Belt for Infrastructure as Code
Green Belt for Scala
You can find and assign these as needed by going to Admin > Paths & Quests > Default Paths.
January 9th, 2023
Improvements
There was an update made to the Path creation workflow to include Scala in our content filters.
January 5th, 2023
New Language & Improvements
Happy New Year from the Security Journey team! We are starting the year out strong with Scala content being added to the Security Journey catalog. Additionally, we updated the Experiment Playground dropdown to include Go and TypeScript content since this is now available.
December 16th, 2022
Improvements
There have been several improvements made this week to the Security Journey Platform:
We've updated the "max attempts" error messaging in the Platform. Now, when a learner has maxed out their attempts at completing an assessment, they will be directed to rewatch the video before they can try the assessment again.
We've resolved an issue that was causing admins and learners to not be able to scroll when using the Full Catalog.
We also improved our infrastructure to allow our experiments to load faster, and a loading spinner is now displayed.
November 11th, 2022
New Feature
Security Journey admins now have the ability to delete paths, missions and quests as needed from within the UI. To learn more, check out this article.
At this time, this applies to single tenant Platform accounts, not my.securityjourney.com.
October 28th, 2022
Reporting Improvements
This week, we've updated the Progress Report to include an "Archive" column. We now display the date an admin or learner was archived from the Platform for reporting purposes. This column is also sortable in the UI!
October 7th, 2022
New Content Alert
Security Journey has a new lesson on the block. NEW to our Green Belt is Season 2 of JavaScript. Check it out!
September 29th, 2022
New Features
We had a few new features added to our Mentor and Judgement Requests this week!
Mentor and Judgement requests now have a timestamp (in UTC). Admins also have the ability to sort these requests by 'Newest' or 'Oldest.'
We added Activity IDs to our Mentor and Judgement Request feature and have made them searchable.
Admins now have a full WYSIWYG editor and can attach files within the Mentor and Judgement Requests feature.
September 19th, 2022
Features & Improvements
Our Engineering team was able to resolve two issues that were affecting admin functionality:
We resolved an issue that was causing archiving users to present an error.
We resolved a bug that was preventing admins from filtering on a module name. When trying to filter by typing in a module's name (adding to a quest, path etc.), admins weren't seeing any results.
Additionally, we were informed that customers were confused about the Security Contacts Toggle settings in the admin menu. Now, when text is populated in the Security Contact text field, the feature will be enabled by default!
September 8th, 2022
New Content, Features & Improvements
Lots of exciting things in the works! This week, we have a number of important things to announce:
NEW Content
You asked, we delivered. Our Rust Green Belt Path (10 modules) is available now!
Multi-Tournament Support
Admins are now able to enable multiple tournaments at the same time. Previously, you were limited to one. Additionally, admins can now delete a tournament from their view.
Ability to Export Leaderboard and Achievement Wall
We've added the ability to export the data in both the Leaderboard and Achievement Wall within the admin settings.
Knowledge Base
You can finally access our Security Journey Knowledge Base from the Platform! We've added a link to our documentation in the More ^ dropdown:
April 4th, 2022
Dojo Redesign
Today is a big day! We've refreshed and simplified our Security Journey Dojo UX/UI so that learners can better navigate the Platform and more easily find and complete the next lesson in their assignment. Lessons completed, points earned and assignments awaiting are prominently displayed on the main map. A new, pulsating orb helps guide learners to their position and the next module on the map.
A more intuitive experience and easier navigation means higher engagement for Admins, too! Our most-used features are now front and center.
April 4th, 2022
New Features
This release, we pushed out a lot of new features including:
SAML Approve
User Archive
We've refactored our JWT authentication & implemented JWT secrets rotation
We also have a new certificate design
February 15th, 2022
New Features
Security Journey is excited to announce that we've added a Terraform - Green Belt Path to our course catalog. Additionally, you will now see your video player remember your preferred settings.
We've also updated our Experiment UI; the look and feel is all-new!
January 6th, 2022
New Features
Security Journey rolled out two new features to the Dojos:
Allow customization of notifications and congratulations e-mail
Ability to create Security Journey default Paths
December 15th, 2021
New Features & Improvements
This week, we released two new features to the Dojo and resolved a bug impacting path duration. See details below:
Auto disable paths
All new content will be disabled by default. Admins will need to enable the new content for users to have access to it.
Notes now save automatically (without having to click a button)
Improvement:
Issue with "Total path duration" hours resolved
The accumulated duration of custom paths did not function correctly. With this fix, the correct duration will be displayed.
November 16th, 2021
New Features & Improvements
Security Journey
Mentor and Judgement Request features under the Activity tab in the Security Journey Dojo were updated to include historical details
The Progress Report in Admin now supports sorting of columns in UI view