All Collections
HackEDU Release Notes
What's new at HackEDU πŸŽ‰
What's new at HackEDU πŸŽ‰

All our recent updates - from new features to enhancements!

Rachel Yonan avatar
Written by Rachel Yonan
Updated over a week ago

May 3rd, 2024

New OWASP Alternative Path πŸŽ‰

You asked and we delivered! Our new OWASP Top Ten | Alt 1 course delivers comprehensive lessons aimed at deepening developers' understanding of critical security principles. This can be used alongside the original OWASP Top Ten course or as the next step in their learning. This course introduces alternative lessons that address new Common Weakness Enumerations (such as use of hard coded credentials, overreliance on cookies, authentication bypass by spoofing and others) and offers innovative solutions to strengthen applications against potential attackers.

To learn more, check out our Help Desk article.


January 25th, 2024

Additional Language Support πŸŽ‰

Our content team added Ruby to 8 more of our lessons:

  • Encoding (Cryptography)

  • Encryption (Cryptography)

  • Hashing (Cryptography)

  • Account Lockout (Credential Reuse)

  • CAPTCHA (Credential Reuse)

  • Persistant Cookies (Credential Reuse)

  • Device Fingerprinting (Credential Reuse)

  • Encoding, Hashing and Encryption (Credential Reuse)


January 18th, 2024

Content Improvements πŸ’ͺ

We continue expand our language support for our lessons:

  • Security Misconfiguration now supports Ruby

  • Unsafe Consumption of APIs is available for C++

  • Unrestricted Access to Sensitive Business Flows is now available for Rust, Perl, C and C++


December 8th, 2023

Updated OWASP API Top Ten πŸŽ‰

Our team has been busy and we are ending the year with an important update to the OWASP API Top Ten to be in alignment with the changes made this year!

This includes:

  • Updated and new Break/Fix lessons:

    • Broken Object Level Authorization

    • Broken Authentication

    • Broken Object Property Level Authorization

    • Unrestricted Resource Consumption

    • Broken Function Level Authorization

    • Unrestricted Access to Sensitive Business Flows

    • Security Misconfiguration

    • Improper Inventory Management

    • Unsafe Consumption of APIs

FAQs

What will happen to the old API Top Ten course on HackEDU?

It will disappear. The following will happen:

  • The old API Top Ten course will be hidden.

  • The old preset plan will be disabled.

  • A new API Top Ten course will be created.

  • A new preset plan will be created.

What will happen to HackEDU learners that have been assigned a training plan containing content from the previous course?
​

Nothing. They will still see their existing training plan. The content will no longer appear in the "All Training" section but will continue to appear in the learners "My Plan" section.


October 6th, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ and Kotlin when completing our Credential Reuse lessons.

You can now choose C++ when completing Encoding, Hashing, and Encryption, too.


September 29th, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing:

  • Persistent Cookies (Credential ReUse)

  • Device Fingerprinting (Credential ReUse)

We've also added Perl & PHP as language options when completing:

  • Information Exposure through Query String Parameters


September 9th, 2023

New Content Alert 🚨

We've released a new Break/Fix lessons this week!
​
​Information Exposure through Query String Parameters: Lesson showcasing information exposure through query string parameters.


August 3rd, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing these Cryptography lessons:

  • Encryption

  • Encoding

  • Hashing


August 1st, 2023

New Content Alert 🚨

We've just released new content that covers Credential Reuse and you can find it within our Web Application Security (Extended) Course.

These four lessons will teach you techniques for preventing credential reuse and credential stuffing attacks:

  • Multi-Factor Authentication

  • Persistent Cookies

  • Device Fingerprinting

  • Account Lockout

  • CAPTCHA


July 12th, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing:

  • Diffie-Hellman Key Exchange

We also made some updates to Insufficient Cryptography Lesson (iOS & Android) and OAuth Implementation Vulnerabilities: Part 2.


July 6th, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing:

  • Encoding (Cryptography Course)

We also made some updates to our Server Side Request Forgery (SSRF) lesson from the OWASP Top 10.


June 15th, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing:

  • Secure Password Storage: Part 2

  • Secure Password Storage: Part 3

  • Identification and Authentication Failures


May 3rd, 2023

Content Improvements 🚨

We continue expand our language support and you can now use Kotlin when completing:
​

OWASP Top 10

  1. Broken Access Control

  2. Command Injection

  3. Identification and Authentication Failures

  4. Insecure Design

  5. OAuth: Part 1

  6. OAuth: Part 2

  7. SQL Injection: Part 1

  8. SQL Injection: Part 2

  9. SQL Injection: Part 3

  10. Secure Side Request Forgery

  11. Reflected Cross-Site-Scripting

  12. Stored Cross-Site-Scripting

  13. XXE

API Top 10

  1. Broken Function Level Authorization

  2. Broken Object Level Authorization

  3. Excessive Data Exposure

  4. Mass Assignment

Cryptography

  1. Encoding

  2. Encryption

  3. Hashing

  4. Encoding, Hashing, and Encryption

  5. Diffie-Hellman Key Exchange

  6. Digital Signatures

  7. Secure Password Storage: Part 1

  8. Secure Password Storage: Part 2

  9. Secure Password Storage: Part 3


April 12th, 2023

Content Improvements🚨

We improved our Hashing lesson tests. The Hashing Lesson now verifies that the hash a learner inputs is:

  1. of a fixed length

  2. deterministic

  3. collision resistant


April 3rd, 2023

Content Improvements🚨

Our Engineering team was busy making some updates to our content! This week we released:

  • Updated the example for C# in SQL Injection: Part 1

  • Fixed an error with the Ruby code in Insecure Design

  • Added a narrative solution in the Java Spring Coding Challenge for Broken Authentication

  • Fixed an issue with SSRF Coding Challenge in #C

  • Fixed an issue with Clojure tests in our Mass Assignment lesson


March 28th, 2023

New Feature & Content Improvements🚨πŸ’ͺ

We have a new data integration with HCL AppScan available in the HackEDU Platform. To learn more about this feature and the benefits, check out this article!

Additionally, we've added C as an option when completing the Hashing lesson!


March 6th, 2023

New Content Alert & Improvements🚨

We've added a new lesson to our Cryptography Course! It's called Digital Signatures and it teaches engineers how to use digital signatures to ensure the integrity of messages!

Additionally, we continue to expand our language support and you can now use Scala in these Cryptography lessons:


February 10th, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing:

  • Broken Function Level Authorization


January 23rd, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing:

  • SQL Injection: Part 1

  • SQL Injection: Part 2

  • SQL Injection: Part 3

  • Reflected Cross-Site Scripting (XSS)

  • Stored Cross-Site Scripting (XSS)

  • Broken Access Control

You can now use C when completing:

  • Server Side Request Forgery (SSRF)

  • Identification and Authentication Failures

  • Secure Password Storage: Part 2

  • Secure Password Storage: Part 3

To review the full list of HackEDU Break/Fix lessons visit: https://app.hackedu.com/all


January 11th, 2023

Update πŸ‘€

Our Help Desk article URL was updated from https://help.hackedu.com/en to https://help.securityjourney.com/en to be more in alignment with our branding changes! Any URLs still using the previous domain will be redirected.


January 5th, 2023

Content Improvements 🚨

Happy New Year from the Security Journey team! We are starting the year out strong with Rust language support being added to the following lessons:

  1. Broken Function Level Authorization

  2. Broken Object Level Authorization

  3. Excessive Data Exposure

  4. Mass Assignment

  5. Broken Access Control

  6. Identification and Authentication Failures

  7. Insecure Design

  8. SQL Injection: Part(s) 1-3

  9. Server-Side Request Forgery

  10. Reflected Cross-Site Scripting (XSS)

  11. Store Cross-Site Scripting (XSS)

  12. Secure Password Storage: Part(s) 1-3


December 19th, 2022

New Content Alert 🚨

We are excited to announce that our 9 lesson Cryptography Course is now live in the HackEDU Platform! This content can be added to any current or new Training Plan or assigned as a stand alone course.

The lessons include:

  1. Encoding

  2. Hashing

  3. Encryption

  4. Encoding, Hashing, and Encryption

  5. Secure Password Storage: Part 1

  6. Secure Password Storage: Part 2

  7. Secure Password Storage: Part 3

  8. Diffie-Helman Key Exchange

  9. Padding Oracle


December 5th, 2022

Content Improvements 🚨

We continue to add C language support! You can now use C when completing:


November 2th, 2022

Content Improvements 🚨

We are excited to share that we've added C language support in more lessons this week! You can now use C when completing:


October 7th, 2022

New Content Alert 🚨

HackEDU now has a Hands-on Blockchain Security lesson which compliments our new Blockchain content in the Security Journey Platform. It's available to be added to any new or existing Training Plan. It's located under our Publicly Disclosed Vulnerabilities course. Check it out!
​
We also added C language support to the Reflected Cross-Site Scripting (XSS) Lesson!


September 29-30th, 2022

Improvements πŸ’ͺ

We resolved some issues in two of our lessons.

  1. Insecure Design: Our content team updated the hint for Step 4 - Remediation to make it clear that authorize() returns a promise.

  2. Command Injection: A function was changed to return the error (if any) from running the exec.Command function.


September 21st, 2022

Update πŸ‘€

We've updated the messaging in our in-app cookies banner to make it more clear to learners and admins what data we collect and why. It now reads: "Our Platform uses cookies to customize your learning experience, however we do not sell any user data. To learn more, please see our privacy policy."


September 15th, 2022

Update πŸ‘€

The following emails from the HackEDU Platform will now be sent from our Security Journey domain:

  • Password reset

  • Account Verification

  • Reminder emails (training assignments)

  • Onboarding Invitations

All emails will now come from no-reply@securityjourney.com.


September 14th, 2022

Improvements πŸ’ͺ

The HackEDU Platform now supports session timeout. Admins and learners will be logged out of the Platform after 1 day of inactivity. Here, inactivity means that the UI is still open and idle - not that the session tab has been closed. This is how the Security Journey Platform functions so customers will have a consistent experience.


September 14th, 2022

New Content Alert 🚨

Our latest course, Secure Password Storage is live in the HackEDU platform!
​
These three lessons will teach you how to:

  • Understand the basics of hashing passwords

  • Learn how to create and incorporate salts into hashes

  • Use Argon2 to simplify and strengthen the authentication process

If you would like to take this course or assign it out to your learners it's located under the Web Application Security (Extended) Course!


September 2nd, 2022

Updates and Improvements🚨πŸ’ͺ

Companies who are using SSO & deep-links will now see users being redirected to the initially requested URL after authentication - instead of the "My Plan" or "All Training" page.

We've also updated our branding in the HackEDU Platform to the new joint Security Journey + HackEDU logo!


August 22nd, 2022

Updates and Content Improvements🚨πŸ’ͺ

Our team updated the Safelisting Requirements for our live sandbox application and Platform. For more details, see this Help Desk article.
​
We also made some changes to our Mass Assignment lesson to improve the learner experience when taking the coding exercise at the end.


August 17th, 2022

HackEDU is now Security Journey πŸŽ‰

Our transition from HackEDU to Security Journey is well underway! Our HackEDU site now redirects to securityjourney.com. You can find out more about the acquisition and rebrand here!


As you navigate the platform, you’ll likely notice updated Security Journey branding throughout. Rest assured, even though we may look a little different, you’ll still have all the same functionality and features as before.
​

Should you have any questions along the way, reach out to your Customer Success Manager or drop us a line at support@securityjourney.com anytime.


August 12th, 2022

Improvements πŸ’ͺ

You now have the ability to enable/disable Hacking Challenges just like you can with Coding Challenges. We also added some additional help text to these Admin settings to more clearly define what they do!


August 9th, 2022

Content Update πŸ’ͺ

Our Content Engineers updated the vulnerability code and lesson text in all three SQL Injection lessons as well as in the Functional Level Authorization lesson.


August 5th, 2022

Improvements πŸ’ͺ

Resolved an issue which was causing the start dates and due dates on our Secure Development Training: 1-Year Plan to be incorrect.


August, 1st, 2022

Improvements πŸ’ͺ

The HackEDU team wrapped work on updating our lesson infrastructure to improve user experience and performance.


July, 26th, 2022

Content Update πŸ’ͺ

The HackEDU team updated the XSS in Third-Party Integration (English only) lesson and hacktivity so that the vulnerability and recommended fix were easier to understand.

We also updated our four Memory Managment Lessons (Stack Overflow, Off-By-One, Format String & Heap Overflow) by creating a new vulnerable app and rewriting the lesson text to make things clearer to learners.


July, 18th, 2022

Improvements πŸ’ͺ

  1. We updated our Security Unit Tests lesson: Restructured app so we can unit test without starting up a live Flask server & added "File Browse" feature.

  2. We corrected a UI issue that was causing our edit buttons on the Users page and "Start Lesson" button to get squished when resizing the browser.


July, 1st, 2022

UI Refresh πŸ‘€

Our website's login page and Platform navigation bar now feature the new joint Security Journey + HackEDU logo.
​
Additionally, all of our buttons and links have been updated from blue to green!


June 30th, 2022

Training Plan Improvements: Updated Phase Names πŸŽ‰

We discovered that for some of our Preset Training Plans the "phase title" was different from the course title. This was causing unnecessary confusion for Training admins and learners. Now, the phase titles match the Course title:

  • 2021 OWASP Top 10

    • Old Phase title: Web Application Security

    • New Phase title: 2021 OWASP Top 10

  • PCI Compliance

    • Old Phase title: Web Application Security

    • New Phase title: PCI Compliance

  • OWASP API Top 10

    • Old Phase Title: API Security

    • New Phase Title: OWASP API Top 10


June 24th, 2022

New Preset: DevSecOps Preset Plan πŸŽ‰

Today, we introduced a brand new training plan to our available presets!

Our DevSecOps training plan is made up of 26 lessons and articles that cover all stages of the DevSecOps lifecycle: Pre-Development, Development, Testing, Deployment and Ongoing maintenance.
​
Although it is a preset, content can be added or removed as needed to meet the specific training needs of your organization.


June 24th, 2022

New Content Alert 🚨

Today, we released "Kubernetes Security" which is the final lesson in our DevSecOps course! You can find it under the DevSecOps Course in the HackEDU Platform.


June 16th, 2022

New Language Support: TypeScript 🚨

We are so excited to announce the availability of TypeScript as a language! It is now live in 18 of our lessons.


June 14th, 2022

ImprovementsπŸ’ͺ

The following lessons had updates to their instructions/text this week:

We also resolved an issue with the Capital One: Part 3 which was causing learners to receive an "import error" when trying to complete the lesson.


June 8th, 2022

Updates this week | New Article & Improvements 🚨πŸ’ͺ

  1. HackEDU released the Penetration Testing article which is our final piece of content for our NEW DevSecOps course. You can find the complete course list by visiting All Training > DevSecOps

  2. We also fixed an issue with our user management workflow which was causing the delete function to become unresponsive when attempting to delete multiple users in a row.


June 2nd, 2022

New Content Alert 🚨

Today, we added four more articles as part of our DevSecOps course which is comprised of 26 pieces of content. You can find these located under All Training > DevSecOps

  1. Security Acceptance Testing

  2. Threat Intelligence

  3. Security Smoke Tests

  4. Blameless Post Mortems


June 1st, 2022

Updates to the All Training Page πŸŽ’

We've updated the DevSecOps Course content into the following sections:

  • Pre-Development

  • Development

  • Testing

  • Deployment

  • Ongoing


May 24th, 2022

Login Enhancement ✨

Our team has improved the sign in workflow! All users can now hit β€˜enter’ when entering their email and password to login. Previously, we did not support this and you had to manually click into each form to add your information.


May 19th, 2022

All Training UI Update 🚨

HackEDU has renamed the "General Security" section of the "All Training" page to "DevSecOps".
​
The content found in that section will be turned into a Training Plan preset once we've completed all the content for our DevSecOps course.


May 5th, 2022

New Content Alert 🚨

Today, we released a new article called "Server Hardening."

Included as part of our DevSecOps course. You can find it under the All Training > General Security course list.


April 12th, 2022

Updates to HackEDU's openAPI πŸ’¬

You asked and we delivered!

Our openAPI now provides the ability to retrieve license status for users. For full details, see our Developer Documentation here.


April 11th, 2022

New Content Alert 🚨

Today, we added four more articles as part of our DevSecOps course which is comprised of 25 pieces of content. You can find these located under All Training > General Security

  1. Secrets Management

  2. IDE Plugins

  3. Security Code Review

  4. Introduction to Git Hooks

FAQs

  1. Do they have coding exercises?

    • Articles, unlike lessons, do not have a coding exercise or sandbox environment.

  2. Are they assignable?

    • Yes, they can be assigned as part of a training plan or individually from the user view.

  3. What reporting can I expect?

    • Articles will have similar reporting to lessons. You can expect to see the time it took for an individual learner to complete an article and view this information in their user report card, the User Report or the Completion report.


April 8th, 2022

New Training Plan Interface 🚨

We rolled out a fresh new look for our Training Plan modal!


April 11th, 2022

Improvement: Checkboxes for creating and editing training plans πŸ’ͺ

The existing drag and drop experience for creating/managing a training plan was cumbersome and had a few issues. We’ve simplified the experience to make it even simpler to create a training plan!


March 17th, 2022

New Preset: Secure Coding Training: 2 Year Plan πŸŽ‰

Today, we introduced a brand new training plan to our available presets.

This training plan is made up of 58 lessons over 24 months and focuses on a core set of secure coding best practices and the Open Web Application Security (OWASP) Top 10 vulnerabilities. These lessons are seen as the most critical secure coding training content to keep your organization safe!

This course was created to help customers plan content for years one and two of their secure coding training plan. Although it is a preset, it is able to be edited or adjusted to account to the specific training needs of each customer.

For more information, visit here.


March 4th, 2022

New Lesson Alert! 🚨

Dependency Management Lesson

This brand new lesson adds to our DevSecOps course!


Learners will be taught to:

  • Understand the Phases of Dependency Management:

    • Enumeration

    • Investigation

    • Remediation

  • Search through source code for a vulnerable dependency

  • Exploit this dependency in a running app

  • Remediate the vulnerability and check that the exploit is no longer possible

Available today on the HackEDU Platform under All Training > General Security


March 3rd, 2022

Introducing our new Impact Report πŸŽ‰

This report displays vulnerabilities found in your code alongside assigned secure development training to show alignment and impact of Adaptive Training Plans and Application Security Testing Integrations.

What are the benefits?

  • Allows Learning Administrators to ensure training programs are efficiently addressing current organizational needs

  • The Report can be shared with internal stakeholders to show the importance of secure coding training programs and their ability to reduce application security risk

  • The data can be displayed in a customized timeframe, monthly or annually. Filters allow views by vulnerability topic or across the entire training plan all at once.

For more information visit here.


January 25th, 2022

New + Improved OWASP Top Ten πŸŽ‰

  • New content: OWASP Top 10 2021

    • OWASP has come out with an updated list of top vulnerabilities. Specifically, the addition of Server-Side Request Forgery (SSRF) and Insecure Design

    • We've added two new lessons that cover SSRF and Insecure Design to our 2021 OWASP Top 10 Training Plan; these can be assigned as part of the new preset plan or as standalone lessons
      ​

  • Existing content was updated with *new names

    • Sensitive Data Exposure β‡’ Cryptographic Failures

    • Using Components with Known Vulnerabilities β‡’ Vulnerable and Outdated Components

    • Broken Authentication β‡’ Identification and Authentication Failures

    • Insecure Deserialization β‡’ Software and Data Integrity Failures

    • Insufficient Logging and Monitoring β‡’ Security Logging and Monitoring Failures

*The content description will denote that the names have been updated

  • XSS Lessons Part 1 & 2 were replaced with Reflected Cross-Site Scripting (XSS), DOM-Based Cross-Site Scripting (XSS) and Stored Cross-Site Scripting (XSS)

  • Updated preset plans

    • Option to assign 2017 OWASP Top 10 or 2021 OWASP Top 10 2021

Did this answer your question?