May 14th, 2024
Path & Quests UI Update πͺ
We've rolled out an update to the Path & Quests UI this week to help streamline finding the paths most appropriate for your learners. We've renamed Default to Recommended Paths. Additionally, we've updated the menu option names and they are now organized by type of content:
Video and Hands-On
Hands-On Only
Activities
We've also cleaned up your Custom Path menu, now all custom paths will show up under "My Paths" instead of organized by type of content.
May 10th, 2024
New Feature & Improvements πͺ
Copy Button Added to Break/Fix Lessons
In our HackEDU Break/Fix lessons, we ask learners to copy & paste code snippets from the lesson into the sandbox but we didn't provide a way to easily copy the code. Now, learners have a copy button to allow them to seamlessly add the code snippets to their code editor!
Tournament Improvements
The dropdown filters in our Tournament filters have now been alphabetized
The default text for the Tournament Summary has been updated and the field is now able to be edited
Admins can also add learners to a Tournament after it's been started
Assignment Progress Report UI Improvements
The Assignment Progress Report now has filters (mirrors the functionality seen in the Progress report UI)
The Assignment Progress Report is now able to be downloaded from Assignment Progress UI (Previously, you had to navigate to the Admin > Reporting page to download this report)
May 3rd, 2024
New OWASP Alternative Path π
You asked and we delivered! Our new HackEDU: OWASP Top Ten | Alt 1 path delivers comprehensive lessons aimed at deepening developers' understanding of critical security principles. This can be used alongside the original HackEDU: OWASP Top Ten path or as the next step in their learning journey. This path introduces alternative lessons that address new Common Weakness Enumerations (such as use of hard coded credentials, overreliance on cookies, authentication bypass by spoofing and others) and offers innovative solutions to strengthen applications against potential attackers.
To learn more, check out our Help Desk article.
April 9th, 2024
Lesson Re-Assignment π¨
We've introduced support for Admins to require learners to re-take previously completed lessons as part of their path or quest and maintain the previous reporting data. To learn more about lesson re-assignment check out this article.
April 6th, 2024
UI Improvements πͺ
This weekend, our Content team updated all our Recommended Advanced paths by adding the word "Advanced" to the name. Previously, they would only show the language and/or technology. We hope this makes finding the right content for your learners even easier!
β
February 28-29th, 2024
New Assignments Feature & Content Type π
Assignments Table
This week, we released the Admin's Assignments Table. This new view provides Training Admins with better visibility of their active training assignments. The Assignments table displays:
Your assignments by name
If they are currently active
Due date (if applicable)
Number of users by status (Complete, In Progress or Not Started)
Percentage of users by status (Complete, In Progress or Not Started)
Coding Challenges
We've also added a new lesson type to the Security Journey Platform. They are called "Coding Challenges." This lesson type can be added to path or tournaments. These are hands-on and are within an integrated development environment. These are language specific.
β
February 23rd, 2024
New Hands-On Only Topic Based Paths π
Our content team has been laser focused on creating differentiated learning paths to meet your specific learning needs. This time, we've expanded our topic based paths. You can now find 11 new paths covering various security topics using existing hands-on (Break/Fix) lessons:
Authentication (Break/Fix)
Authorization (Break/Fix)
Cross-site Scripting (XSS) (Break/Fix)
Docker Security (Break/Fix)
Encryption Basics (Break/Fix)
Injection Attacks (Break/Fix)
NoSQL Security (Break/Fix)
OAuth (Break/Fix)
Secure Password Management (Break/Fix)
Server-side Request Forgery (SSRF) (Break/Fix)
SQL Security (Break/Fix)
These will live under More > Admin > Paths & Quests > Default Paths > Hands-on.
February 20th, 2024
New Hand-On Only Role Based Paths π
Today, our Content team rolled out role-based, hands-on paths. You can find these by navigating to More > Admin > Paths & Quests > Default Paths > Hands-on:
AppSeC Professional
Foundational: AppSec Professional (Break/Fix)
Intermediate: AppSec Professional (Break/Fix)
Advanced: AppSec Professional (Break/Fix)
Web Developer
Foundational: Web Developer (Break/Fix)
Intermediate: Web Developer (Break/Fix)
February 16th, 2024
New Recommended Role Based & Break/Fix Paths π
Our Content Team rolled out two new Break/Fix paths. These mirror existing courses on our legacy HackEDU site. These paths will show up in the Admin Path Ul and you can find them by going to More > Admin > Paths & Quests > Default Paths > Recommended > Break/Fix:
HackEDU: Credential Reuse
HackEDU: Cryptography
We also released two new paths for Web Developers. These paths will show up in the Admin Path UI and you can find them by going to More > Admin > Paths & Quests > Default Paths > Hands-on:
Foundational: Web Developer (Break/Fix)
Intermediate: Web Developer (Break/Fix)
February 8th, 2024
New Admin Feature π
We've added a toggle for learner attribute (first name, last name etc.) editing that will allow learners to edit their user profile. If enabled, they'll be able to edit these attributes even if SSO or SCIM are enabled.
βKeep in mind, syncs from your IdP or SCIM API will still override manually entered attributes.
January 25th, 2024
New Features & Language Support π
It was a big week for new features at Security Journey!
SCIM
You can now automatically create, update, and archive users directly from your identity provider (IdP) using SCIM. First name, Last Name and Email Address are the only user properties supported at this time. To learn more check out this collection of articles.
Break/Fix Task List
Created in response to customer feedback that instructional text was too long.
Enables learners to complete the lesson leveraging just the tasks list.
Break/Fix only
Starting with:
OWASP Top 10 2021
OWASP API Top 10 2023
Assignment by Learner Attribute
This functionality allows admins the ability to assign content and report on the assignment by learner attributes.
You can see the 10 new options in Assignment Selection filters in the Assignment UI
Additional Language Support
Our content team added Ruby to 8 more of our Break/Fix lessons:
Encoding (Cryptography)
Encryption (Cryptography)
Hashing (Cryptography)
Account Lockout (Credential Reuse)
CAPTCHA (Credential Reuse)
Persistant Cookies (Credential Reuse)
Device Fingerprinting (Credential Reuse)
Encoding, Hashing and Encryption (Credential Reuse)
January 18th, 2024
Content Improvements πͺ
We continue expand our language support for our Break/Fix Lessons:
Security Misconfiguration now supports Ruby
Unsafe Consumption of APIs is available for C++
Unrestricted Access to Sensitive Business Flows is now available for Rust, Perl, C and C++
January 4th, 2024
Platform Updates & New Features π¨
We have several new features that were rolled out this week!
β
Duration Based Assignments
We now allow you to specify how many days a learner has to complete an assignment vs. only being able to choose a strict start/end date.
β
Restricted Paths
You now have the ability to "restrict" a path to an assignment. This means that a path would only be visible to a learner if it was assigned to them. If restricted, the enabled path will not show up in the map or list view as an available option when choosing a path. For more information check out this article.
β
User Properties in Reporting
We've gone ahead and updated the Platform reports to include ALL available user properties as filters. This applies to properties created via SSO and to customers who manually added user properties in their user profile.