Snyk Learn

Introduction

Snyk Learn is dedicated to developer education, specifically looking at vulnerabilities in detail including the why and how:

  • Why is it vulnerable?

  • How do we mitigate it?

Snyk Learn teaches developers how to stay secure, with interactive lessons exploring vulnerabilities across a variety of languages and ecosystems.

Many graduate developers may have completed their whole degree program without ever taking a course dedicated to computer security. Snyk Learn helps to educate these developers (and all developers) with knowledge and expertise, both theoretical and practical.

Lessons for developers

Our lessons are targeted toward developers who want to learn more about specific vulnerabilities and how to mitigate them. Snyk Learn is also helpful for developers, team leads, and managers who want to enhance the general security knowledge of their team.

The lessons at Snyk Learn are aligned with the NIST NICE Framework Work Role Categories and Competency Areas.

Lesson structure

Lessons are structured as follows:

  • The basics of the vulnerability are covered first, explaining exactly what the vulnerability is.

  • Then there is an "in action" section that looks at how the vulnerability would be executed.

  • Each lesson has an interactive widget where developers can see exactly how the vulnerability is being executed. But seeing it work and knowing how it works are different things.

  • The third section of the lesson is "under the hood", where we take a look at why the vulnerability worked and the code behind it.

  • Finally, there is the mitigation section. This is where developers will learn how to fix the vulnerability using code examples.

Language coverage

There are many lessons covering many different languages. The languages currently covered are JavaScript, Java, C#, Python, PHP, Go, and C++. We also have a couple of lessons for Kubernetes. More languages will be covered in the future.

Learning paths

We offer learning paths as a way for learners to take a predefined set of lessons. We offer multiple learning paths including OWASP Top 10 and Snyk Top 10.

OWASP Top 10

This learning path covers the OWASP Top 10. Each OWASP category is a module on Learn, and each module contains at least one lesson. Completing all ten modules completes the OWASP learning path. The modules are:

  • Broken Access Control

  • Cryptographic Failures

  • Injection

  • Insecure Design

  • Security Misconfiguration

  • Vulnerable and Outdated Components

  • Identification and Authentication Failures

  • Software and Data Integrity Failures

  • Security Logging and Monitoring Failures

  • Server-Side Request Forgery

Snyk Top 10

This learning path covers the Snyk Top 10: the top 10 open source vulnerabilities found by Snyk in the previous year. The modules are:

  • Denial of Service (DoS)

  • Remote Code Execution (RCE)

  • Deserialization of Untrusted Data

  • SQL Injection

  • Prototype Pollution

  • Insecure Temporary File

  • Directory/Path Traversal

  • Privilege Escalation

  • Regular Expression Denial of Service (ReDoS)

  • Null Pointer Dereference

Reporting on Snyk Learn adoption

Snyk Learn administrators can view insights about the adoption of Snyk Learn within their organization, including which lessons their colleagues have viewed and what security issues those lessons cover.

Reporting gives you three different overviews:

  • Lesson overview: shows which lessons have been viewed and what CVE/CWE/Rule ID each lesson covers. You can also click view users to share lessons.

  • User overview: shows each user (by email) and how many overall views they have for all the lessons.

  • Category overview: shows which categories (PHP, JavaScript, etc.) users have selected in their profile.
