We’re excited to announce a key update to our learning platform: modules from some of our larger courses are now also available as smaller, more focused individual courses. This change is designed to enhance the learning experience by making it easier for learners to complete courses at a more manageable pace.

By breaking down our larger courses, we aim to support learners in achieving their goals without feeling overwhelmed, making their secure development training even more achievable!

What’s New?

• Smaller Course Sizes: Our longer, content-heavy courses are now also available as much smaller, digestible courses. This means learners can absorb information in bite-sized pieces, reducing the pressure of completing extensive modules, all in one go.

• Flexible Learning: With smaller courses

  • Learners can now spread their training over several weeks or months. This flexibility allows them to focus on one module at a time, ensuring better retention and a more manageable workload.

  • Group leaders can add more focused training modules in learning paths, making the learning paths much smaller, more achievable and better customised for your specific training needs.

• Larger Courses Still Available: If you prefer the original format, don’t worry! The larger, comprehensive courses remain available for those who enjoy diving deep into a topic all at once.

• Seamless Progress Tracking: As an added bonus, any progress made in the smaller modules will automatically carry over into the corresponding larger course (and the other way around). This ensures that no effort is lost, and learners can switch between formats without missing a beat. If you have already completed one of these modules in the original course, this completion will be carried over into the smaller course as well.

What courses are now available as smaller courses?

The Finding and Fixing Web Application Security Vulnerabilities course is about 4 hours and 33 minutes long. It contains 13 modules in total.

All its core modules (except for the introduction) are now available as individual courses:

1. Finding and Fixing: Object Access Vulnerabilities

2. Finding and Fixing: Enumeration Vulnerabilities

3. Finding and Fixing: SQL Injection Vulnerabilities

4. Finding and Fixing: Configuration Vulnerabilities

5. Finding and Fixing: Operating System Injection Vulnerabilities

6. Finding and Fixing: Passwords and Authentication

7. Finding and Fixing: Session Vulnerabilities

8. Finding and Fixing: Cross Site Scripting Vulnerabilities (XSS)

9. Finding and Fixing: Using Components with Known Vulnerabilities

10. Finding and Fixing: Path Traversal Vulnerabilities

11. Finding and Fixing: Return of the SQL Injection

12. Finding and Fixing: XML External Entity (XXE) Vulnerabilities

The Finding and Fixing API Security Vulnerabilities course is about 2 hours and 29 minutes long. It contains 10 modules in total.

All its core modules (except for the introduction) are now available as individual courses:

1. Applying Security Concepts to Development and Operations

2. Finding and Fixing: Broken API Authentication Vulnerabilities

3. Finding and Fixing: Broken API Authorisation Vulnerabilities

4. Finding and Fixing: API Data Exposure Vulnerabilities

5. Finding and Fixing: API Resource Limitations Vulnerabilities

6. Finding and Fixing: API Mass Assignment Vulnerabilities

7. Finding and Fixing: API Injection Vulnerabilities

8. Finding and Fixing: API Misconfiguration and Mismanagement Vulnerabilities

9. Transitioning To Microservices or Hybrid Architectures

The Introduction to DevSecOps is about 3 hours and 19 minutes long. It contains 5 modules in total.

All its modules are now available as individual courses:

1. DevSecOps: Culture and Processes

2. DevSecOps: Cloud Security

3. DevSecOps: Securing Source Code and Deployment Pipelines

4. DevSecOps Defence

5. Strategically Growing DevSecOps

This update is all about giving you more control over your learning experience, while still offering the flexibility to choose the format that best suits your needs.

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls. Security training provided by SafeStack forms an integral part of a robust compliance and security control strategy.

We are happy to announce our new Drata integration functionality, allowing customers to automatically upload completion evidence of their learners’ security training, from SafeStack, into Drata.

Just pick the learning paths you want to track when setting up the integration and you’re good to go! When users complete their learning paths, an evidence PDF will be generated and uploaded to Drata automatically, marking their own security training as completed within Drata.

This removes the hassle of uploading evidence manually for your team and keeps compliance information in Drata up to date.

If your organization is using, or planning to use Drata to automate compliance related tasks, check out our Drata integration today.

Summary

In order to provide a more streamlined login experience for our users, SafeStack will update its authentication domain name from learn-safestack-io.au.auth0.com to auth.learn.safestack.io on February 10, 2024 (Saturday) as part of scheduled maintenance of its authentication systems.

If you use Single Sign On to log into SafeStack, you may need to make minor changes in the SafeStack client configuration set up with your identity provider. These changes are outlined below.

How does this affect you?

Your login experience will be similar to what it is now, this is simply an update of the domain name that we use for our authentication system. Your existing credentials to log into SafeStack will continue to work as they do now and there will be no change to your training data in SafeStack.

If Single Sign On has not been configured for your organization

After you enter your email address on the login page, instead of being redirected to https://learn-safestack-io.au.auth0.com/ you will be redirected to https://auth.learn.safestack.io/.

If you use a password manager to save your credentials, you may need to find your existing credentials to log into SafeStack by searching for safestack in your password manager. Upon successful login, your password manager may prompt you to add or update your SafeStack credentials (since the authentication website URL will be different).

Our forgot password functionality will continue to work, in case you need to reset your password.

If Single Sign On has been configured for your organization

You may need to update the Redirect URI’s configured for use with the SafeStack client in your identity provider (IdP). Before February 9 2024, both the following redirect URI’s must exist in your configuration:

1. https://learn-safestack-io.au.auth0.com/login/callback

2. https://auth.learn.safestack.io/login/callback

You can make these changes right away without affecting your organization’s access to SafeStack.

Azure AD / Entra ID

If you use Azure AD / Entra ID as your IdP, the redirect URI’s can be configured as per Step 1.8 here

Google Workspace

If you use Google Workspace as your IdP, the redirect URI’s can be configured as per Step 1.6 here

Okta

If you use Okta as your IdP, the redirect URI’s can be configured as per Step 4 here

Once this configuration is in place, you will be able to log into SafeStack as usual from our login page.

Help and Support

Our support team is available via email at [email protected] for assistance with this change, to answer any questions or if you face any issues.

When setting up your Learning Path, you’ve previously been able to add a due date that your learners should have completed their courses. This due date in some instances would show as being a day forward or behind depending on if learners were in a different timezone.

We’ve now added the ability to set the due time that courses should be completed by, and improved how the due date is shown to group leaders and their learners based on their current timezone.

The SafeStack - Vanta integration now sends your users' security and compliance training data to Vanta every hour, so it can be included in Vanta's monitoring and reports.

SafeStack’s Security Awareness programme contains a lot of courses that help you meet compliance training requirements for frameworks like ISO27001, PCI DSS and SOC2.

If your organization is using Vanta to automate compliance related tasks, check out our Vanta integration to send your SafeStack users - and their compliance training information, automatically to Vanta.