By breaking down our larger courses, we aim to support learners in achieving their goals without feeling overwhelmed, making their secure development training even more achievable!

What’s New?

• Smaller Course Sizes: Our longer, content-heavy courses are now also available as much smaller, digestible courses. This means learners can absorb information in bite-sized pieces, reducing the pressure of completing extensive modules, all in one go.

• Flexible Learning: With smaller courses

  • Learners can now spread their training over several weeks or months. This flexibility allows them to focus on one module at a time, ensuring better retention and a more manageable workload.

  • Group leaders can add more focused training modules in learning paths, making the learning paths much smaller, more achievable and better customised for your specific training needs.

• Larger Courses Still Available: If you prefer the original format, don’t worry! The larger, comprehensive courses remain available for those who enjoy diving deep into a topic all at once.

• Seamless Progress Tracking: As an added bonus, any progress made in the smaller modules will automatically carry over into the corresponding larger course (and the other way around). This ensures that no effort is lost, and learners can switch between formats without missing a beat. If you have already completed one of these modules in the original course, this completion will be carried over into the smaller course as well.

What courses are now available as smaller courses?

The Finding and Fixing Web Application Security Vulnerabilities course is about 4 hours and 33 minutes long. It contains 13 modules in total.

All its core modules (except for the introduction) are now available as individual courses:

1. Finding and Fixing: Object Access Vulnerabilities

2. Finding and Fixing: Enumeration Vulnerabilities

3. Finding and Fixing: SQL Injection Vulnerabilities

4. Finding and Fixing: Configuration Vulnerabilities

5. Finding and Fixing: Operating System Injection Vulnerabilities

6. Finding and Fixing: Passwords and Authentication

7. Finding and Fixing: Session Vulnerabilities

8. Finding and Fixing: Cross Site Scripting Vulnerabilities (XSS)

9. Finding and Fixing: Using Components with Known Vulnerabilities

10. Finding and Fixing: Path Traversal Vulnerabilities

11. Finding and Fixing: Return of the SQL Injection

12. Finding and Fixing: XML External Entity (XXE) Vulnerabilities

The Finding and Fixing API Security Vulnerabilities course is about 2 hours and 29 minutes long. It contains 10 modules in total.

All its core modules (except for the introduction) are now available as individual courses:

1. Applying Security Concepts to Development and Operations

2. Finding and Fixing: Broken API Authentication Vulnerabilities

3. Finding and Fixing: Broken API Authorisation Vulnerabilities

4. Finding and Fixing: API Data Exposure Vulnerabilities

5. Finding and Fixing: API Resource Limitations Vulnerabilities

6. Finding and Fixing: API Mass Assignment Vulnerabilities

7. Finding and Fixing: API Injection Vulnerabilities

8. Finding and Fixing: API Misconfiguration and Mismanagement Vulnerabilities

9. Transitioning To Microservices or Hybrid Architectures

The Introduction to DevSecOps is about 3 hours and 19 minutes long. It contains 5 modules in total.

All its modules are now available as individual courses:

1. DevSecOps: Culture and Processes

2. DevSecOps: Cloud Security

3. DevSecOps: Securing Source Code and Deployment Pipelines

4. DevSecOps Defence

5. Strategically Growing DevSecOps

This update is all about giving you more control over your learning experience, while still offering the flexibility to choose the format that best suits your needs.

We are happy to announce our new Drata integration functionality, allowing customers to automatically upload completion evidence of their learners’ security training, from SafeStack, into Drata.

Just pick the learning paths you want to track when setting up the integration and you’re good to go! When users complete their learning paths, an evidence PDF will be generated and uploaded to Drata automatically, marking their own security training as completed within Drata.

This removes the hassle of uploading evidence manually for your team and keeps compliance information in Drata up to date.

If your organization is using, or planning to use Drata to automate compliance related tasks, check out our Drata integration today.

This new report contains 3 types of graphs, each designed to highlight key pieces of information that help you better understand the effectiveness of your learning paths and security training.

Graph 1: Learning Path Course engagement

This graph highlights the engagement of your learning path at the course level. It can help answer questions like:

1. What courses are being fully completed by my learners?

2. What courses are being started but not completed by my learners?

3. What courses are not being started at all by my learners?

4. What courses are most engaging, and which ones are my learners not too interested in?

Graph 2: Learning Path Engagement

This pie chart compares the percentage of your learners that have not yet started, started and completed your learning path as a whole. This can help group leaders visualize learning path engagement easily. Over time, one would want the red slice to reduce in size and the green slice to increase in size.

Graph 3: Learning Path completion over time

This graph plots the cumulative percentage of users that have completed the learning path, over time. This is really useful to understand how quickly your team is ramping up with their training and how much training there is still left to be done, before you hit the learning path due date (if there is one).

Other functionality

Graph toolbar

The graph toolbar (top right of every graph) can be used to download the graph in the PNG or SVG format. You can also download the raw data behind the graph, by downloading using the CSV format option.

For time series graphs (like the Learning Path completion over time graph), you can also zoom in/out or drag and select a specific time range you want to explore within the whole period.

Reports page

We’ve made minor changes to the Reports page to separate individual reports from group reports much more clearly.

More interesting changes ahead

In the future, we plan to add more functionality to these reports to take them a step further, making it easy for group leaders to communicate with their learners about their training. But we will have more on that later!

We hope you enjoy the new changes in SafeStack and are always open to feedback, suggestions or concerns.

More than 30 seminars have occurred since SafeStack was launched, covering a wide range of topics, including threat modeling, AI, DevOps, SAST and so on. Every topic is sourced from our community and customer suggestions, so they are guaranteed to be timely, relevant, and focused on current and emerging secure development best practices.

A feature requested by many customers is the ability to add seminars into learning paths, allowing security champions to craft outcome focused training programs, along with high quality, interactive, bite-sized training for specific topics covered in our seminars.

From today, all our past seminars are available as courses on the platform! They can be added to learning paths, just like any other course. Further, reports will indicate whether a learner has completed watching a seminar or not, from this point onwards, providing much more visibility about seminar related training to group leaders.

We will continue to host live seminars based on customer suggestions and our roadmap. You will still be able to register for live seminar sessions from the platform. Once a live seminar has finished, it will be available as a course on the platform, so that your team can watch it at a later date.

Our support team is available via email at [email protected] to answer any questions you may have about this change.

Resetting progress can be done across your entire organization from the Organization page, or for the learners and courses within a specific Learning Path from the Learning Paths page.

Some key points to note:

• Learners will retain any badges and achievements they’ve previously earned.

• Historical data will not be available from the Reports section. We recommend downloading and archiving any reports per your organization's compliance and data retention policies before resetting progress data.

Now, you can easily create a Learning Path for all supported compliance frameworks - just click the “Create Learning Path” button on a compliance framework! This will automatically create a new learning path with all the relevant courses, then redirect you to the new learning path, so that you can set a due date, description and enrol your learners into the new learning path.

Using learning paths as a way to achieve compliance training needs has tremendous benefits like:

• learners automatically receive an email about their enrolment into the new learning path

• learners also receive an email reminder to complete the learning path, in case they haven’t completed it, around 5 days before the due date

• group leaders can easily track compliance training progress for every compliance framework, right from the dashboard or via the “Group Progress by Learning Path” report

A safety net is also in place to ensure you don’t accidentally delete the wrong user without double-checking. As noted in the confirmation dialog, you can manually download a copy of a user’s progress report before deletion, as all of their data will be lost once deleted.

We’ve made this minor change to provide better visibility for an important feature used by group leaders.

👇

Compliance training is spread across both our Secure Development program as well as the Security Awareness program. Some of our more recent customers were not able to view or buy the Security Awareness program, while we worked on making some strategic changes to the program.

We are now happy to announce that:

1. all Secure Development customers, who didn’t have access to the Security Awareness program, now have access to a limited set of free courses from this program

2. all Secure Development customers can now buy the Security Awareness program as an add-on

3. your learners will not see any Security Awareness content, until one of your Group Leaders assigns them to the program

4. we have redesigned our subscription page to better highlight what plan you are on and what add-ons are available for your organization in SafeStack

5. the subscription page itself has been moved from “Settings → Subscription” to “Subscription” in the sidebar

   

—

Head over to our course catalog and check out the Security Awareness courses available, for free, for your organization!

Or check out the new subscription page, from where you can buy or manage your subscription for any of our programs or add-ons.

PS: You can read more about how we can help you meet your compliance needs here.

Within this page you’ll find a handy new option to ensure that users from your organization, signing up to SafeStack on their own, get added to your existing SafeStack organization, instead of being added to a completely new SafeStack organization.

Note that such users will be invited as Learners into your SafeStack organization and will not occupy any seats, until a Group Leader assigns them to one of our training programs.