At Security Journey, we are committed to keeping learners engaged throughout their educational experience. To achieve this, we have designed a variety of lesson styles that bring novelty to the curriculum and align each lesson with specific learning outcomes.

Our diverse lesson types include:

To enhance knowledge transfer and retention, Break/Fix lessons are designed to immerse learners in both offensive and defensive roles, grounded in the mindset of a hacker.

Initially, learners take on the role of an attacker, exploiting vulnerabilities to experience firsthand how easily and effectively exploits can be executed. This hands-on approach helps learners understand the practical implications of insecure code. After successfully completing the exploit, learners switch roles to focus on defense, reviewing the insecure code and implementing mitigation strategies to secure it.

Break/Fix lessons are available in a variety of languages and frameworks, allowing learners to work within a programming environment they find comfortable and familiar. A simple in-browser editor is provided, enabling learners to concentrate on understanding the vulnerability in a context where it is likely to appear.

Once the learner has made the necessary updates to the vulnerable code, they can test their solution to ensure that their fix effectively addresses the issue.

While Break/Fix lessons offer an efficient way to learn vulnerability mitigation, Coding Challenges provide deeper learning by more closely simulating the real-world developer experience. In Coding Challenges, learners are presented with the entire source code of an application that contains a vulnerability. This requires a more comprehensive understanding of the language and framework, allowing for a richer learning experience.

Unlike Break/Fix lessons, which guide learners step-by-step through detecting and mitigating vulnerabilities, Coding Challenges are intentionally less detailed. This encourages learners to rely on and sharpen their code review instincts, fostering a mindset where all code is viewed as potentially insecure.

Once the learner has identified and eliminated the vulnerability, they can test their solution to ensure it effectively resolves the issue.

Hacking Challenges invite learners to don their favorite hoodie and take on the role of an attacker, targeting a vulnerable website. Using techniques they have previously learned, learners can simulate real-world hacking scenarios, aiming to exfiltrate data—a flag that signifies they have successfully compromised the website.

These challenges vary in difficulty, with some designed to test even the most experienced and savvy hackers. By participating in Hacking Challenges, learners not only deepen their understanding of various attack methods but also develop the critical thinking skills needed to prevent such attacks in the future. Additionally, these exercises offer a fun and engaging way to reinforce learning.