Snyk Learn

Snyk Learn is dedicated to developer education, specifically looking at vulnerabilities in detail including the why and how:
  • Why is it vulnerable?
  • How do we mitigate it?
Snyk Learn teaches developers how to stay secure, with interactive lessons exploring vulnerabilities across a variety of languages and ecosystems.
Many graduate developers may have completed their whole degree program without ever taking a course dedicated to computer security. Snyk Learn helps to educate these developers with knowledge and expertise, both theoretical and practical.

Lessons for developers

Our lessons are targeted toward developers who want to learn more about specific vulnerabilities and how to mitigate them. Snyk Learn is also helpful for developers, team leads, and managers who want to enhance the general security knowledge of their team.

Lesson structure

Lessons are structured as follows:
  • First, the basics of the vulnerability are covered, explaining exactly what the vulnerability is.
  • Then there is an "in action" section that looks at how the vulnerability would be executed.
  • Each lesson has an interactive widget where developers can see exactly how the vulnerability is being executed. But seeing it work and knowing how it works are different.
  • The third section of the lesson is "under the hood", where we take a look at why the vulnerability worked and the code behind it.
  • Finally, there is the mitigation section. This is where developers will learn how to fix the vulnerability using code examples.

Language coverage

There are many lessons covering many different languages. The languages being covered currently are JavaScript, Java, C#, Python, PHP, and Go. We also have a couple of lessons for Kubernetes. More languages will be covered in the future.

Learning paths

We offer learning paths as a way for learners to take a predefined set of lessons. Right now, we offer the OWASP Top 10 learning path which includes ten modules and twelve lessons.

OWASP Top 10

This learning path covers the OWASP Top 10. Each OWASP category is a module on Learn. Within each module are one to two lessons. Completing all ten modules will result in the successful completion of this OWASP learning path. The modules are:
  • Broken Access Control
  • Cryptographic Failures
  • Injection
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery

Reporting on Snyk Learn adoption

Snyk Learn administrators can view insights about the adoption of Snyk Learn within their organization, including which lessons their colleagues have viewed and what security issues those lessons cover.
Reporting gives you three different overviews:
  • Lesson overview: shows which lessons have been viewed and what CVE/CWE/Rule ID the lesson covers. You can also click view users to share lessons.
  • User overview: shows each user (by email) and how many overall views they have for all the lessons.
  • Category overview: shows which categories (PHP, JavaScript, etc.) users have selected in their profile.
© 2022 Snyk Limited