November 4th, 2024
New AI/LLM Hands-On Content Now Available
We are excited to announce 10 new hands-on AI/LLM lessons are now available on the Security Journey Platform! They include:
AI/LLM | Prompt Injection (HackEDU)
AI/LLM | Insecure Output Handling (HackEDU)
AI/LLM | Training Data Poisoning (HackEDU)
AI/LLM | Model Denial of Service (HackEDU)
AI/LLM Supply Chain Vulnerabilities (HackEDU)
AI/LLM | Sensitive Information Disclosure (HackEDU)
AI/LLM | Insecure Plugin Design (HackEDU)
AI/LLM | Excessive Agency (HackEDU)
AI/LLM Over-Reliance (HackEDU)
*Model Theft (HackEDU)
* Model Theft is a Hacking Challenge
Now there are 3 pre-built Recommended AI/LLM Learning Paths:
OWASP Top 10 for AI/LLM (Video Only)
AI/LLM Security containing both video and hands-on lessons
HackEDU: OWASP Top 10 for LLM Applications containing hands-on lessons only
For more information about our Topic Based Recommended Paths, check out this article.
October 31st, 2024
UI Improvement
Our team recently updated the descriptions within the Downloadable Reports page to provide more accurate information about the frequency at which each report is updated/refreshed.
October 4th, 2024
New Command Injection Lesson
Our new hands-on lesson teaches learners the basics of how unintended code or commands can be injected and executed. It also covers CWE-88: Improper Neutralization of Argument Delimiters in a Command!
September 13th, 2024
Reporting UI Updates
We've made an important update to our Reporting options within the Admin UI. In the past, you had to click the Reporting option to view all of our downloadable reports. Now it is its own menu option.
We also have a link to our Reporting API Settings!
August 29th, 2024
Users Filter Improvement & New Hacking Challenge
Active User Filter
We've made some changes to the Users list to improve the admin experience! Previously, when you loaded your Users list, you would see all users, including archived ones. We now default to showing only "Active" users (Admins and Licensed Users). You can still view archived and unlicensed users, but you will need to choose those from the filters.
Hack the Gradebook
It's been a while since we launched a new hacking challenge, but the wait is over. Traditionally, hacking challenges, like capture the flag exercises, have been known for their high difficulty and focus on a single vulnerability. However, the Hack the Gradebook challenge is different. This challenge requires learners-turned-hackers to exploit multiple vulnerabilities, all covered by our OWASP Top Ten curriculum, reinforcing key concepts in a hands-on way.
Learners are presented with the login page for an old-school gradebook application inspired by the 1983 movie WarGames.
August 15th, 2024
Assignment Table Status Improvement
Assignments can have a status of "Not Started" again. We had a period of time where all learners were "In Progress" as soon as the Assignment was active.
Now, when reviewing the Assignment Table you will see the following:
Not Started - A learner has been added to an assignment and the assignment is active, but the learner has not started their assignment.
In Progress - A learner has completed a lesson within the assignment.
Overdue - The learner has not completed their assignment by the assignment due date.
July 26th, 2024
Quiz Question Improvements
You spoke, we listened! Our Quiz question update is now live! All Security Journey quizzes moving forward will have five questions instead of ten.
To learn more, check out this blog post and help desk article!
July 11th, 2024
Break/Fix Python Language Update
The Content Team is excited to announce an update to the Python version used in our secure code training hands-on lessons! We have upgraded to Python 3.12, ensuring all dependent libraries are up-to-date. With this upgrade, we have released all 50 Break/Fix Python lessons with the new version.
June 20th, 2024
Learning Swing Modal Update
Text was added to the emojis in our Learning Swing modal (before and after a lesson) to provide you with more context around the potential rating.
June 13th, 2024
Reporting & UI Improvements
We've gone ahead and added a "Not Started" status to the Assignment Progress report. Previously, this was missing, so it was difficult for admins to identify which learners fell into this category. This is also consistent with the Assignment Table.
Additionally, Break/Fix lessons now open with less of the screen dedicated to the lesson text and more dedicated to the sandbox by default.
June 3rd, 2024
SQL Injection: Part 1 UI Refresh
Our most popular lesson got a much-needed facelift!
May 22nd, 2024
New Feature & Improvements
UI Modernization
As part of our Platform modernization efforts, you may have noticed that we made some UI updates:
We've made the corners of components in the platform more square
We've changed the UI font
The "In-progress" icon color was updated from brown to purple
Banner Controls
Admins now have the ability to delete Platform banners at will. Previously, you would've needed to push a new banner or submit a request to Support to have it removed.
May 14th, 2024
Path & Quests UI Update
We've rolled out an update to the Path & Quests UI this week to help streamline finding the paths most appropriate for your learners. We've renamed Default to Recommended Paths. Additionally, we've updated the menu option names and they are now organized by type of content:
Video and Hands-On
Hands-On Only
Activities
We've also cleaned up your Custom Path menu. All custom paths now show up under "My Paths" instead of being organized by type of content.
May 10th, 2024
New Feature & Improvements
Copy Button Added to Break/Fix Lessons
In our HackEDU Break/Fix lessons, we ask learners to copy & paste code snippets from the lesson into the sandbox but we didn't provide a way to easily copy the code. Now, learners have a copy button to allow them to seamlessly add the code snippets to their code editor!
Tournament Improvements
The dropdown filters in our Tournament filters have now been alphabetized
The default text for the Tournament Summary has been updated and the field is now able to be edited
Admins can also add learners to a Tournament after it's been started
Assignment Progress Report UI Improvements
The Assignment Progress Report now has filters (mirrors the functionality seen in the Progress report UI)
The Assignment Progress Report is now able to be downloaded from Assignment Progress UI (Previously, you had to navigate to the Admin > Reporting page to download this report)
May 3rd, 2024
New OWASP Alternative Path
You asked and we delivered! Our new HackEDU: OWASP Top Ten | Alt 1 path delivers comprehensive lessons aimed at deepening developers' understanding of critical security principles. This can be used alongside the original HackEDU: OWASP Top Ten path or as the next step in their learning journey. This path introduces alternative lessons that address new Common Weakness Enumerations (such as use of hard coded credentials, overreliance on cookies, authentication bypass by spoofing and others) and offers innovative solutions to strengthen applications against potential attackers.
To learn more, check out our Help Desk article.
April 9th, 2024
Lesson Re-Assignment
We've introduced support for Admins to require learners to re-take previously completed lessons as part of their path or quest and maintain the previous reporting data. To learn more about lesson re-assignment check out this article.
April 6th, 2024
UI Improvements
This weekend, our Content team updated all our Recommended Advanced paths by adding the word "Advanced" to the name. Previously, they would only show the language and/or technology. We hope this makes finding the right content for your learners even easier!
February 28-29th, 2024
New Assignments Feature & Content Type
Assignments Table
This week, we released the Admin's Assignments Table. This new view provides Training Admins with better visibility of their active training assignments. The Assignments table displays:
Your assignments by name
If they are currently active
Due date (if applicable)
Number of users by status (Complete, In Progress or Not Started)
Percentage of users by status (Complete, In Progress or Not Started)
Coding Challenges
We've also added a new lesson type to the Security Journey Platform called "Coding Challenges." This lesson type can be added to paths or tournaments. Coding Challenges are hands-on, run within an integrated development environment, and are language specific.
February 23rd, 2024
New Hands-On Only Topic Based Paths
Our content team has been laser focused on creating differentiated learning paths to meet your specific learning needs. This time, we've expanded our topic based paths. You can now find 11 new paths covering various security topics using existing hands-on (Break/Fix) lessons:
Authentication (Break/Fix)
Authorization (Break/Fix)
Cross-site Scripting (XSS) (Break/Fix)
Docker Security (Break/Fix)
Encryption Basics (Break/Fix)
Injection Attacks (Break/Fix)
NoSQL Security (Break/Fix)
OAuth (Break/Fix)
Secure Password Management (Break/Fix)
Server-side Request Forgery (SSRF) (Break/Fix)
SQL Security (Break/Fix)
These will live under More > Admin > Paths & Quests > Default Paths > Hands-on.
February 20th, 2024
New Hands-On Only Role Based Paths
Today, our Content team rolled out role-based, hands-on paths. You can find these by navigating to More > Admin > Paths & Quests > Default Paths > Hands-on:
AppSec Professional
Foundational: AppSec Professional (Break/Fix)
Intermediate: AppSec Professional (Break/Fix)
Advanced: AppSec Professional (Break/Fix)
Web Developer
Foundational: Web Developer (Break/Fix)
Intermediate: Web Developer (Break/Fix)
February 16th, 2024
New Recommended Role Based & Break/Fix Paths
Our Content Team rolled out two new Break/Fix paths. These mirror existing courses on our legacy HackEDU site. These paths will show up in the Admin Path UI and you can find them by going to More > Admin > Paths & Quests > Default Paths > Recommended > Break/Fix:
HackEDU: Credential Reuse
HackEDU: Cryptography
We also released two new paths for Web Developers. These paths will show up in the Admin Path UI and you can find them by going to More > Admin > Paths & Quests > Default Paths > Hands-on:
Foundational: Web Developer (Break/Fix)
Intermediate: Web Developer (Break/Fix)
February 8th, 2024
New Admin Feature
We've added a toggle for learner attribute (first name, last name etc.) editing that will allow learners to edit their user profile. If enabled, they'll be able to edit these attributes even if SSO or SCIM are enabled.
Keep in mind, syncs from your IdP or SCIM API will still override manually entered attributes.
January 25th, 2024
New Features & Language Support
It was a big week for new features at Security Journey!
SCIM
You can now automatically create, update, and archive users directly from your identity provider (IdP) using SCIM. First name, Last Name and Email Address are the only user properties supported at this time. To learn more check out this collection of articles.
Break/Fix Task List
Created in response to customer feedback that instructional text was too long.
Enables learners to complete the lesson leveraging just the tasks list.
Break/Fix only
Starting with:
OWASP Top 10 2021
OWASP API Top 10 2023
Assignment by Learner Attribute
This functionality gives admins the ability to assign content and report on the assignment by learner attributes.
You can see the 10 new options in Assignment Selection filters in the Assignment UI
Additional Language Support
Our content team added Ruby to 8 more of our Break/Fix lessons:
Encoding (Cryptography)
Encryption (Cryptography)
Hashing (Cryptography)
Account Lockout (Credential Reuse)
CAPTCHA (Credential Reuse)
Persistent Cookies (Credential Reuse)
Device Fingerprinting (Credential Reuse)
Encoding, Hashing and Encryption (Credential Reuse)
January 18th, 2024
Content Improvements
We continue to expand our language support for our Break/Fix Lessons:
Security Misconfiguration now supports Ruby
Unsafe Consumption of APIs is available for C++
Unrestricted Access to Sensitive Business Flows is now available for Rust, Perl, C and C++
January 4th, 2024
Platform Updates & New Features
We have several new features that were rolled out this week!
Duration Based Assignments
We now allow you to specify how many days a learner has to complete an assignment vs. only being able to choose a strict start/end date.
Restricted Paths
You now have the ability to "restrict" a path to an assignment. This means that a path would only be visible to a learner if it was assigned to them. If restricted, the enabled path will not show up in the map or list view as an available option when choosing a path. For more information check out this article.
User Properties in Reporting
We've gone ahead and updated the Platform reports to include ALL available user properties as filters. This applies to properties created via SSO and to customers who manually added user properties in their user profile.