May 19th, 2022

All Training UI Update 🚨

HackEDU has renamed the "General Security" section of the "All Training" page to "DevSecOps".

The content found in that section will be turned into a Training Plan preset once we've completed all the content for our DevSecOps course.


May 5th, 2022

New Content Alert 🚨

Today, we released a new article called "Server Hardening."

It is included as part of our DevSecOps course. You can find it under the All Training > General Security course list.


April 12th, 2022

Updates to HackEDU's openAPI 💬

You asked and we delivered!

Our openAPI now provides the ability to retrieve license status for users. For full details, see our Developer Documentation here.


April 11th, 2022

New Content Alert 🚨

Today, we added four more articles to our DevSecOps course, which comprises 25 pieces of content. You can find them under All Training > General Security.

  1. Secrets Management

  2. IDE Plugins

  3. Security Code Review

  4. Introduction to Git Hooks

FAQs

  1. Do they have coding exercises?

    • Articles, unlike lessons, do not have a coding exercise or sandbox environment.

  2. Are they assignable?

    • Yes, they can be assigned as part of a training plan or individually from the user view.

  3. What reporting can I expect?

    • Articles will have similar reporting to lessons. You can expect to see the time it took for an individual learner to complete an article and view this information in their user report card, the User Report or the Completion report.


April 8th, 2022

New Training Plan Interface 🚨

We rolled out a fresh new look for our Training Plan modal!


April 11th, 2022

Improvement: Checkboxes for creating and editing training plans


The existing drag-and-drop experience for creating and managing a training plan was cumbersome and had a few issues. We’ve streamlined it to make creating a training plan even simpler!


March 17th, 2022

New Preset: Secure Coding Training: 2 Year Plan 🎉

Today, we introduced a brand new training plan to our available presets.

This training plan is made up of 58 lessons over 24 months and focuses on a core set of secure coding best practices and the Open Web Application Security Project (OWASP) Top 10 vulnerabilities. These lessons are seen as the most critical secure coding training content to keep your organization safe!

This course was created to help customers plan content for years one and two of their secure coding training plan. Although it is a preset, it is fully customizable to the specific training needs of each customer.

For more information, visit here.


March 4th, 2022

New Lesson Alert! 🚨

Dependency Management Lesson

This brand new lesson adds to our DevSecOps course!


Learners will be taught to:

  • Understand the Phases of Dependency Management:

    • Enumeration

    • Investigation

    • Remediation

  • Search through source code for a vulnerable dependency

  • Exploit this dependency in a running app

  • Remediate the vulnerability and check that the exploit is no longer possible

Available today on the HackEDU Platform under All Training > General Security.


March 3rd, 2022

Introducing our new Impact Report 🎉

This report displays vulnerabilities found in your code alongside assigned secure development training to show alignment and impact of Adaptive Training Plans and Application Security Testing Integrations.

What are the benefits?

  • Allows Learning Administrators to ensure training programs are efficiently addressing current organizational needs

  • The Report can be shared with internal stakeholders to show the importance of secure coding training programs and their ability to reduce application security risk

  • The data can be displayed in a customized timeframe, monthly or annually. Filters allow views by vulnerability topic or across the entire training plan all at once.

For more information visit here.


January 25th, 2022

New + Improved OWASP Top Ten 🎉

  • New content: OWASP Top 10 2021

    • OWASP has come out with an updated list of top vulnerabilities, including the addition of Server-Side Request Forgery (SSRF) and Insecure Design

    • We've added two new lessons that cover SSRF and Insecure Design to our OWASP Top 10 2021 Training Plan; these can be assigned as part of the new preset plan or as standalone lessons

  • Existing content was updated with *new names

    • Sensitive Data Exposure ⇒ Cryptographic Failures

    • Using Components with Known Vulnerabilities ⇒ Vulnerable and Outdated Components

    • Broken Authentication ⇒ Identification and Authentication Failures

    • Insecure Deserialization ⇒ Software and Data Integrity Failures

    • Insufficient Logging and Monitoring ⇒ Security Logging and Monitoring Failures

*The content description will denote that the names have been updated

  • XSS Lessons Part 1 & 2 were replaced with Reflected Cross-Site Scripting (XSS), DOM-Based Cross-Site Scripting (XSS) and Stored Cross-Site Scripting (XSS)

  • Updated preset plans

    • Option to assign 2017 OWASP Top 10 or 2021 OWASP Top 10
