Security Journey Platform Updates – February 2024

The Security Journey team has been working diligently to bring valuable updates to our enterprise application security education platform. These updates encompass our administrative features and training content.  

If you would like to learn more about the latest platform updates, visit our Knowledge Base for details or contact your Customer Success Manager for assistance. 

Security Journey Administrative Features Updates 

We’re excited to introduce new administrative features to the Security Journey Platform, including updates to Assignment Management and Reporting Enhancements.

We have several new updates to the ability to manage assignments: 

Duration-Based Assignments – This method efficiently manages long-term training programs such as new hire onboarding and role-based training. These assignments have rolling completion dates based on the date enrolled and automatically enroll learners who meet the assignment criteria. 

Restricted Paths - Enables Admins to create training assignments that are only visible to the learners assigned. Read more about Restricted Paths here

Learner Attribute-Based Assignments – Admins can now create assignments based on learner role, team, business unit, or manager, including: 

• Business Unit 
• Job Role 
• Company 
• Country 
• Department 
• Manager’s Email 
• Manager 
• Security Champion 
• Team 
• Title 

The new updates also include  Reporting enhancements; admins can now filter reports using learner attributes, providing better insights into program status and results. These attributes include:  

• Team 
• Role 
• Manager 

Security Journey Training Content Updates 

In addition to administrative updates, we also have some exciting training content updates for learners on the Security Journey Platform, including 

• Refreshed Video Content 
• Content Improvements for Break/Fix Lessons 
• New Video and Break/Fix Lessons 

We have new lessons for learners, including: 

• [Video Lesson] Introduction to Security Journey– This video explains to learners why they are being asked to complete application security training and how it can benefit them. 
• [Break/Fix Lesson] Security misconfiguration – Ruby 
• [Break/Fix Lesson] Unsafe consumption of APIs – C++ 
• [Break/Fix Lesson] Unrestricted Access to Sensitive Business Flows –Rust, Perl, C, C++ 

23 video lessons have been refreshed to enable knowledge and skill building for the current application security landscape, including: 

• Threat Modeling Process 
• Threat Modeling Examples 
• Server-side Request Forgery (SSRF) 
• Dynamic Application Security Testing 
• Six Foundational Truths of Application Security 
• Privacy Threat Modeling  
• Privacy Threat Modeling Process 
• Cross-Site Scripting (XSS) | Part 1 
• Cross-Site Scripting (XSS) | Part 2 
• AppSec in DevOps World 
• Insecure Communication 
• Next Gen AppSec Tools 
• Penetration Testing and Bug Bounty 
• Security Requirements  
• Vulnerability Scanning  
• AppSec in an Agile World | Part 1 
• AppSec in an Agile World | Part 2 
• Secure Design Principles | Part 1 
• Secure Design Principles | Part 2 
• Cryptography  
• Language Typing 
• Output Encoding  
• Cross-site Request Forgery (CSRF) 

Break/Fix lessons now have Task Lists that summarize each action the learner needs to take to complete the lesson and shorten the time to complete each lesson, improving the learner experience. Task Lists are only available in OWASP Top 10 and OWASP Top 10 API paths, with more coming soon. 

Stay Up to Date on Application Security Best Practices 

At Security Journey, our goal is to ensure that your teams are always equipped with the latest resources on application security, covering the most significant threats, vulnerabilities, and technologies. To stay updated with the latest industry news and events, subscribe to our blog and follow us on LinkedIn. 

If you have any questions about the Security Journey Platform's content or features, please do not hesitate to contact our team today.