Hands-On Lesson Types Explained
Understand the different hands-on lesson types in Security Journey and how each activity is completed.
Security Journey offers several hands-on lesson formats designed to keep learners engaged and help them practice real-world skills. Each lesson type supports different learning outcomes—whether learners are focused on fixing vulnerable code, writing secure code, or thinking like an attacker.
Hands-On Lesson Types
1) Break/Fix Lessons
Best for: Learning how vulnerabilities work and how to remediate them.
Break/Fix lessons guide learners through two stages:
- Break: Learners start as the attacker and exploit a vulnerability to see how it works in practice.
- Fix: Learners then switch to the defender role and update the insecure code to mitigate the vulnerability.
Break/Fix lessons are available across multiple languages and frameworks, and learners complete the work in a simple in-browser editor. After making changes, learners can test their fix to confirm the issue is resolved.
2) Coding Challenges
Best for: A deeper, more realistic developer-style experience.
Coding Challenges simulate real development scenarios by giving learners access to the full source code of an application that contains a vulnerability.
Compared to Break/Fix lessons, these challenges provide less step-by-step guidance, encouraging learners to rely more on their code review and problem-solving skills. Once learners remove the vulnerability, they can test their solution to confirm it works.
To learn more, see the article: Coding Challenges
3) Hacking Challenges
Best for: Practicing attacker techniques in a realistic environment.
Hacking Challenges put learners in the role of the attacker, where they attempt to compromise a vulnerable website using skills they’ve learned.
The goal is typically to exfiltrate a “flag”, which confirms the learner successfully completed the challenge. Difficulty varies, with some challenges designed for more experienced learners.