Snyk Learn
Snyk Learn is dedicated to developer education, specifically looking at vulnerabilities in detail including the why and how:
  • Why is it vulnerable?
  • How do we mitigate it?
Snyk Learn teaches developers how to stay secure, with interactive lessons exploring vulnerabilities across a variety of languages and ecosystems.
Many graduate developers may have completed their whole degree program without ever taking a course dedicated to computer security. Snyk Learn helps to educate these developers with knowledge and expertise, both theoretical and practical.

Our lessons are targeted toward developers who want to learn more about specific vulnerabilities and how to mitigate them. Snyk Learn is also helpful for developers, team leads, and managers who want to enhance the general security knowledge of their team.

Lessons are structured as follows:
  • The basics of the vulnerability are covered first, explaining exactly what the vulnerability is.
  • Then there is an "in action" section that looks at how the vulnerability would be executed.
  • Each lesson has an interactive widget where developers can see exactly how the vulnerability is being executed. But seeing it work and knowing how it works are different things.
  • The third section of the lesson is "under the hood", where we take a look at why the vulnerability worked and the code behind it.
  • Finally, there is the mitigation section. This is where developers will learn how to fix the vulnerability using code examples.

There are many lessons covering many different languages. The languages being covered currently are JavaScript, Java, C#, Python, PHP, and Go. We also have a couple of lessons for Kubernetes. More languages will be covered in the future.

Our main goal is to cover all topics in the OWASP Top 10. This includes:
  • Broken Access Control
  • Cryptographic Failures
  • Injection
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery

Snyk Learn administrators can view insights about the adoption of Snyk Learn within their organization, including which lessons their colleagues have viewed and what security issues those lessons cover.
Reporting gives you three different overviews:
  • Lesson overview: shows which lessons have been viewed and what CVE/CWE/Rule ID each lesson covers. You can also click view users to share lessons.
  • User overview: shows each user (by email) and how many overall views they have for all the lessons.
  • Category overview: shows which categories (PHP, JavaScript, etc.) users have selected in their profile.