How Security Journey’s Break/Fix Lessons Work
See how Security Journey’s Break/Fix lessons help developers safely exploit and remediate real vulnerabilities inside fully functional applications—reinforcing secure coding through hands-on practice.
Understanding application security requires more than theory—it requires hands-on experience. Security Journey’s Break/Fix lessons are designed to give developers exactly that.
These interactive labs allow learners to exploit a real vulnerability, fix the underlying code, and validate the solution, all within a fully functional application environment.
Watch the quick walkthrough below to see how a Break/Fix lesson works.
Learn Security Inside a Real Application
Break/Fix lessons take place inside working applications built specifically for learning. Instead of reading about vulnerabilities, developers interact with the application just like they would in a real development environment.
In the example shown in the walkthrough, we log into a sample application called SocialJourney as a user named Maddie. From there, we create a post and inspect the request being sent to the backend.
By modifying the request—changing the user ID parameter before it reaches the server—we can impersonate another user. The post now appears as someone else, revealing the vulnerability.
This demonstrates a common security issue: the application trusts the user ID supplied in the request instead of checking it against the authenticated user.
Switching from Attacker to Defender
Once the vulnerability is demonstrated, the next step is remediation.
Developers move into the code editor, where they can inspect and modify the vulnerable application directly. Security Journey supports multiple programming languages, allowing learners to practice in the environments most relevant to their work.
Changes to the code are immediately reflected in the running application, creating a fast feedback loop that mirrors a real development workflow.
Validate the Fix with Automated Testing
After implementing a fix, developers can run automated tests to validate their solution.
The platform simulates the attack and checks whether the vulnerability has been successfully mitigated. If the fix isn’t complete, the tests fail—giving developers an opportunity to investigate further and improve their solution.
This reinforces an important part of secure development: verifying that a fix actually works.
Guided Learning with Aspen
If learners get stuck, they can request guidance from Aspen, Security Journey’s in-platform assistant.
Aspen provides contextual hints that help developers identify what’s missing in their fix. In this example, Aspen points us toward validating the user ID against the authenticated user, ensuring that the application only allows legitimate actions.
After applying the fix and running the tests again, all checks pass—confirming that the vulnerability has been properly mitigated.
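The flaw and the fix described above, as an added Python example that is not Security Journey's lesson code or SocialJourney's source. The handler names, request shape, and user IDs are assumptions made for illustration; the last function replays the tampered request the way an automated check would.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a request tries to act as a different user."""


@dataclass
class Session:
    user_id: int  # identity established at login and held server-side


POSTS = []  # in-memory stand-in for the posts table


def create_post_vulnerable(session, body):
    # Flaw: the author is taken from the request body, so anyone who edits
    # the request before it reaches the server chooses who the post is from.
    post = {"author_id": int(body["user_id"]), "text": body["text"]}
    POSTS.append(post)
    return post


def create_post_fixed(session, body):
    # Fix: the author always comes from the authenticated session. A user_id
    # in the body is accepted only if it matches; a mismatch is rejected so
    # the tampering attempt is visible instead of silently overwritten.
    claimed = body.get("user_id")
    if claimed is not None and str(claimed) != str(session.user_id):
        raise Forbidden("user_id does not match the authenticated user")
    post = {"author_id": session.user_id, "text": body["text"]}
    POSTS.append(post)
    return post


def tampered_request_accepted(handler):
    """Replay a tampered request; True means the post was attributed to someone else."""
    maddie = Session(user_id=1)                 # constructed sample user
    tampered = {"user_id": 2, "text": "hello"}  # constructed sample request
    try:
        post = handler(maddie, tampered)
    except Forbidden:
        return False
    return post["author_id"] != maddie.user_id
```
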
A Safe Sandbox for Experimentation
Every Break/Fix lesson runs inside an isolated sandbox environment. Developers can experiment freely, test different approaches, and even reset the environment at any time if they want to start fresh.
This encourages exploration and removes the fear of breaking anything important.
From Learning Security to Shipping It
Break/Fix lessons bring together exploitation, remediation, and validation in a single workflow.
Developers don’t just learn about vulnerabilities—they experience how they happen, practice fixing them, and prove that their solution works.
The result is a deeper understanding of secure coding practices and the confidence to apply those skills in real-world development.
Because when developers practice security this way, they don’t just learn it—they ship it.