All Collections
Security Journey Release Notes
What's new at Security Journey 2022 - 2023 πŸŽ‰
What's new at Security Journey 2022 - 2023 πŸŽ‰

All our recent updates - from new features to enhancements!

Rachel Yonan avatar
Written by Rachel Yonan
Updated over a week ago

December 31st, 2023

Re-recorded Lessons πŸŽ‰

Our content team finished out the year strong by releasing 23 refreshed & re-recorded video lessons:

  • Threat Modeling Process

  • Threat Modeling Examples

  • Server-side Request Forgery (SSRF)

  • Dynamic Application Security Testing

  • Six Foundational Truths of Application Security

  • Privacy Threat Modeling

  • Privacy Threat Modeling Process

  • Cross-Site Scripting (XSS) | Part 1

  • Cross-Site Scripting (XSS) | Part 2

  • AppSec in DevOps World

  • Insecure Communication

  • Next Gen AppSec Tools

  • Penetration Testing and Bug Bounty

  • Security Requirements

  • Vulnerability Scanning

  • AppSec in an Agile World | Part 1

  • AppSec in an Agile World | Part 2

  • Secure Design Principles | Part 1

  • Secure Design Principles | Part 2

  • Cryptography

  • Language Typing

  • Output Encoding

  • Cross-site Request Forgery (CSRF)


December 8th, 2023

Updated OWASP API Top Ten & Break/Fix UI Changes πŸŽ‰

Our team has been busy and we are ending the year with a flurry of big updates and changes!

Updated OWASP API Top Ten (2023) is here

It includes:

  • Updated and new video lessons:

    • OWASP API Top Ten Part 1

    • OWASP API Top Ten Part 2

    • OWASP API Top Ten Part 3

    • Fundamentals of gRPC Security

    • Fundamentals of GraphQL Security
      ​

  • Updated and new Break/Fix lessons:

    • Broken Object Level Authorization

    • Broken Authentication

    • Broken Object Property Level Authorization

    • Unrestricted Resource Consumption

    • Broken Function Level Authorization

    • Unrestricted Access to Sensitive Business Flows

    • Security Misconfiguration

    • Improper Inventory Management

    • Unsafe Consumption of APIs

Break/Fix UI Revamp

We've refreshed the Break/Fix lesson UI to more closely align with our video lesson format. Learners can now make the sandbox full screen, view the instructions only or viewing both side by side.

Additionally, we now include a product walkthrough on all our Break/fix lessons if learners are unsure how to navigate them!


November 27th, 2023

New Break/Fix Filtering πŸŽ‰

We've made it easier to find content by adding an additional filter to our Break/Fix lessons. You can now search for content with or without coding tests:


November 12th, 2023

Updated Lessons πŸŽ‰

Our Content team has been busy and just re-recorded 19 of our Intermediate (Yellow Belt) lesson. For the full list, check out this article.


October 23rd, 2023

New Content Alert 🚨

Our Content Team rolled out a ton of new content this week!

First, we have 6 new lessons about Privacy by Design. This content was added to our Advanced Privacy Engineer Path. They are:

  1. PBD Seven Foundational Principles

  2. PBD Requirements

  3. PBD Privacy Engineering

  4. PBD Risk Management

  5. Mobile Privacy by Design

  6. PBD Privacy Redesign

We also rolled out a dedicated AL/LLM Path and 5 new AI/LLM lessons. We've added:

  1. Introduction to AI/LLM Security

  2. Data Science Engineering for AI/LLM

  3. Model Engineering for AI/LLM

  4. Application and Plugin Security for AI/LLM

  5. AI/LLM Security Toolchain


October 6th, 2023

New Paths & Content Improvements 🚨

We are thrilled to announce two new Advanced Paths that cover COBOL and Clojure!

Additionally, we continue expand our language support and you can now use C++ and Kotlin when completing our Credential Reuse lessons.

You can now choose C++ when completing Encoding, Hashing, and Encryption, too.


September 29th, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing:

  • Persistent Cookies (Credential ReUse)

  • Device Fingerprinting (Credential ReUse)

We've also added Perl & PHP as language options when completing:

  • Information Exposure through Query String Parameters


September 12th, 2023

Role Based Training Paths πŸ™Œ

Big changes over here! We've introduced new default paths that we now call Recommended. They contain fewer lessons, are more focused, and are organized by developer role so that they are more time efficient and relevant to each learner!
​
To take advantage of the new paths you must activate them. You can follow our instructions here or contact your Customer Success Manager at customersuccess@securityjourney.com.


September 9th, 2023

New Content Alert 🚨

We've released a new Break/Fix lessons this week!
​
​Information Exposure through Query String Parameters: Lesson showcasing information exposure through query string parameters.


August 7th, 2023

New Feature πŸŽ‰

Exciting news! We now support the Google Translate extension for Chrome browsers. When enabled, you will see a "Translate Page" toolbar at the bottom of the webpage where you can select the language you want to see.

The extension can translate all page content, experiments and video summaries. Break/Fix Lessons are not supported at this time.


August 3rd, 2023

Content Improvements 🚨

We continue expand our language support and you can now use C++ when completing these Break/Fix Cryptography lessons:

  • Encryption

  • Encoding

  • Hashing


August 1st, 2023

New Content Alert 🚨

We've just released new Break/Fix Content that covers Credential Reuse! These four lessons will teach you techniques for preventing credential reuse and credential stuffing attacks:

  • Multi-Factor Authentication

  • Persistent Cookies

  • Device Fingerprinting

  • Account Lockout

  • CAPTCHA


July 23rd, 2023

Platform Improvements πŸ’ͺ

We have a few changes to announce this week!

We've updated the "Lesson Rankings" Report to "Learning Swing" Report.

We also pushed out some improvements to our Tournament Feature after our big release last week:

  • We added pagination to the Leaderboard page

  • "Rules" were updated to "Tournament Summary"

  • Non-required fields (like "Prizes") will not display in the active Tournament summary UI

  • "Joined Tournament" button will now read "Resume" when a learner is actively in a Tournament


July 13th, 2023

Tournament Update πŸŽ‰

We are proud to announce that our Tournaments feature has gotten a much needed overhaul! Tournaments can be created for your entire SDLC - developers and non-developers alike.

  • Lessons and assignments can now be auto-generated or selected manually

  • Customizable pre-written tournament notifications enable you to easily communicate with participants

  • We now include a duration estimate during setup so you know how quickly a tournament can be completed

  • Enhanced scoring includes attempts, hints, success and coding accuracy all driving points achieved

A screenshot of a fitness tracker

Description automatically generated

To learn more, check out our help desk article about Tournaments.


July 6th, 2023

New Features & Platform Improvements πŸ’ͺ πŸŽ‰

It was a big release week here at Security Journey! We've rolled out a few new features that many of you have been asking for:

  • We've added the ability for learner's who don't have a first or last name populated in their User Profiles to manually add their name to their Platform Certificates!

  • We've given admins the ability to disable all non-critical platform emails to their learners. This includes: weekly status emails, inactivity emails and unread bell notification emails. We also removed the opt-out settings from the User Profile.
    ​

  • We introduced a new Advanced/Green Belt path: Google Cloud Platform Security. In this course, we will examine some general security tips for the Google Cloud Platform. Identify how to best harden storage and manage our secrets. Additionally, we will touch on how to leverage GCP security tools and secure the Google Kubernetes Engine. This path is 20 video lessons.


June 27th, 2023

Translation Support πŸŽ‰

The Security Journey Platform now supports the Google Translate Chrome Extension for all learner and admin pages as well as video lesson transcripts. Note: At this time, the Break/Fix content is not supported.


June 19th, 2023

Platform Improvements πŸ’ͺ

We've rolled out a new feature that allows you to generate unique URLs for all learning paths so that you can quickly link to an entire path!
​


June 6th, 2023

New Metrics πŸŽ‰

You asked and we listened! We will now be capturing the time a learner has spent taking training both at the individual lesson level, assignment and path.

  • This metric has been added to the user profile and all admin reports (as a distinct column)

Note: This is NEW data and will not be applied retroactively. All lesson activity moving forward will be incremented and included in the reporting after this feature was rolled out.


June 1st, 2023

SSO Improvements πŸ’ͺ

We've updated the URL login behavior when a learner is not logged into the Security Journey Platform. Previously, if you clicked on a URL and weren't authenticated, it would take you to your auth screen and then back to the main landing page. We've improved this workflow! Now, you will be taken to the original URL destination.

This is the preferred behavior if you are using our lesson URLs in a Learning Managment System (LMS).


April 11th, 2023

UI Updates and Improvements πŸŽ‰

Our team was busy making some changes and improvements to the Security Journey Platform!

  1. Learners are now awarded points for completing HackEDU Break/Fix lessons in the Platform Leaderboard

  2. The "Personal Security Dojo" has been renamed to "Champion Passport" in the Platform More menu and in the Champion Passport UI.

    *The icon on the map has not yet been changed.


April 3rd, 2023

New Content πŸŽ‰

Security Journey just released a new path. It's called Green Belt for Embedded Developers. These 23 lessons can be assigned as part of the default path or lessons can be added to any new or existing custom path.


March 31st, 2023

UI Improvements πŸ’ͺ

Our team wanted to make it easier to identify the different types of content available in our default paths.

We are now organizing paths into three types:

  1. Video: video lessons with assessments & video lessons with experiment content

  2. Progressive: video lessons & break/fix content

  3. Hands-on: break/fix content


March 14th, 2023

Reporting Improvements πŸ’ͺ

We've made our learning swing metrics available in the Lesson Rankings report. This new column shows the knowledge increase percentage by lesson across the organization! To learn more, check out this article.


February 24th, 2023

New Feature πŸŽ‰

We've added Learning Swing to our new HackEDU Break/Fix content in the my.securityjourney.com Platform! This means that learners can now self-assess and their results be added to the Lesson Rankings report.


February 1st, 2023

New Paths πŸŽ‰

We are pleased to announce that two new default paths were added to the my.securityjourney.com Yellow Belt. These new Progressive Learning paths were designed to have both HackEDU Break/Fix and video lessons. The paths are:

  • PCI DSS Compliance

  • OWASP Top 10: 2021

These are only available to current my.securityjourney.com customers. If you don't have access to my.securityjourney.com and would like to learn more please contact your Customer Success Manager or email customersuccess@securityjourney.com.


January 31st, 2023

New Content πŸŽ‰

Security Journey added over 280 HackEDU Hands-on lessons for secure coding training to the AppSec Education Platform found at my.securityjourney.com!

To learn more, check out our latest blog post and NEW Help Desk articles:

If you don't have access to my.securityjourney.com and would like to learn more please contact your Customer Success Manager or email customersuccess@securityjourney.com.


January 26th, 2023

Improvements πŸ’ͺ

We've made some changes to our Full Catalog feature in preparation of HackEDU Break/Fix content being available in my.securityjourney.com. We've added a new filter called "By Lesson Type" so learners and admins can filter content by:

  • Break/Fix (HackEDU)

  • Video

  • Video with Experiments


January 19th, 2023

New Content πŸŽ‰πŸ’ͺ

This week, our team released three new Default Paths to the Platform:

  • Green Belt for Azure

  • Green Belt for Infrastructure as Code

  • Green Belt for Scala

You can find and assign these as needed by going to Admin > Paths & Quests > Default Paths.


January 9th, 2023

Improvements πŸ’ͺ

There was an update made to the Path creation workflow to include Scala in our content filters.


January 5th, 2023

New Language & Improvements πŸŽ‰πŸ’ͺ

Happy New Year from the Security Journey team! We are starting the year out strong with Scala content being added to the Security Journey catalog. Additionally, we updated Experiment Playground dropdown to include Go and Typescript content since this is now available.


December 16th, 2022

Improvements πŸ’ͺ

There have been several improvements made this week to the Security Journey Platform:

  1. We've updated the "max attempts" error messaging in the Platform. Now, when a learner has maxed-out their attempts at completing an assessment they will be directed to rewatch the video before they can try the assessment again

  2. We've resolved an issue that was causing admins and learners to not be able to scroll when using the Full Catalog.

  3. We also improved our infrastructure to allow our experiments to load faster and also displays a loading spinner.


November 11th, 2022

New Feature πŸŽ‰

Security Journey admins now have the ability to delete paths, missions and quests as needed from within the UI. To learn more, check out this article.
​
​At this time, this applies to single tenant Platform accounts not my.securityjourney.com.


October 28th, 2022

Reporting Improvements πŸŽ‰

This week, we've updated the Progress Report to include an "Archive" column. We now display the date an admin or learner was archived from the Platform for reporting purposes. This column is also sortable in the UI!


October 7th, 2022

New Content Alert 🚨

Security Journey has a new lesson on the block. NEW to our Green Belt is Season 2 of Javascript. Check it out!


September 29th, 2022

New Features πŸŽ‰

We had a few new features added to our Mentor and Judgement Requests this week!

  1. Mentor and Judgement requests now have timestamp (in UTC). Admins also have the ability to sort these requests from 'Newest' or 'Oldest.'

  2. We added Activity IDs to our Mentor and Judgement Request feature and have made them searchable.

  3. Admins now have a full WYSIWYG editor and can attach files within the Mentor and Judgement Requests feature.


September 19th, 2022

Features & Improvements πŸŽ‰πŸ’ͺ

Our Engineering team was able to resolve two issues that were affecting admin functionality:

  1. We resolved an issue that was causing archiving users to present an error.

  2. Resolved bug that was preventing admins from filtering on a module name. When trying to filter by typing in a module's name (adding to a quest, path etc.), admins weren't seeing any results.

Additionally, we were informed that customers were confused about the Security Contacts Toggle settings in the admin menu. Now, when text is populated in the Security Contact text field, the feature will be enabled by default!


September 8th, 2022

New Content, Features & Improvements πŸŽ‰πŸ’ͺ

Lots of exciting things in the works! This week, we have a number of important things to announce:

NEW Content

You asked, we delivered. Our Rust Green Belt Path (10 modules) is available now!
​
​Multi-Tournament Support

Admin are now able to enable multiple tournaments at the same time. Previously, you were limited to one. Additionally, admins can now delete a tournament from their view.

Ability to Export Leaderboard and Achievement Wall

We've added the ability to export the data in both the Leaderboard and Achievement Wall within the admin settings.

Knowledge Base πŸ€”

You can finally access our Security Journey Knowledge Base from the Platform! We've added a link to our documentation in the More ^ dropdown:


​


April 4th, 2022

Dojo Redesign πŸŽ‰

Today is a big day! We've refreshed and simplified our Security Journey Dojo UX/UI so that learners can better navigate the Platform and more easily find and complete the next lesson in their assignment. Lessons completed, points earned and assignments awaiting is prominently displayed on the main map. A new, pulsating orb helps guide learners to their position and the next module on the map.


​

A more intuitive experience and easier navigation means higher engagement for Admins, too! Our most-used features are now front and center.


​


April 4th, 2022

New Features πŸŽ‰

This release, we pushed out a lot of new features including:

  • SAML Approve

  • User Archive

  • We've refactored our JWT authentication & implemented JWT secrets rotation

  • We also have a new certificate design


February 15th, 2022

New Features πŸŽ‰

Security Journey is excited to announce that we've added a Terraform - Green Belt Path to our course catalog. Additionally, you will now see your video player remember your preferred settings.

We've also updated our Experiment UI, the look and feel is all-new!


January 6th, 2022

New Features πŸŽ‰

Security Journey rolled out two new features to the Dojos:

  • Allow customization of notifications and congratulations e-mail

  • Ability to create Security Journey default Paths


December 15th, 2021

New Features & Improvements πŸ’ͺ

This week, we released two new features to the Dojo and resolved a bug impacting path duration. See details below:

  • Auto disable paths

    • All new content will be disabled by default. Admins will need to enable the new content for users to have access to it.

  • Notes now save automatically (without having to click a button)

Improvement:

  • Issue with "Total path duration" hours resolved

    • The accumulated duration of custom paths did not function correctly. With this fix, the correct duration will be displayed.


November 16th, 2021

New Features & Improvements πŸ’ͺ

Security Journey

  • Mentor and Judgement Request features under the Activity tab in the Security Journey Dojo was updated to include historical details

  • The Progress Report in Admin now supports sorting of columns in UI view

Did this answer your question?