Exploring the FREE Snyk Learn platform

AppSec Jun 21, 2022

Good quality education is essential for the success of a security program. We take a look at Snyks FREE interactive learning platform Snyk Learn which covers multiple coding languages and vulnerabilities.

The Snyk Learn platform

Snyk has been around since 2015 and is currently my go-to Software Composition Analysis (SCA) tool helping me manage code and image dependencies. Whilst primarily known for its high-quality developer-first SCA solution over the last couple of years, Snyk has really started to expand its portfolio.

Snyk Learn is a free platform that can help you teach your development team to code securely in a fun and engaging way.

Free Interactive Secure Development Training
Snyk Learn is developer-first security education that offers free interactive lessons on how to fix vulnerabilities in applications, containers, and IaC.

Look and Feel

When landing on the Snyk learn home page, you are greeted with the familiar no-nonsense styling. Clicking on the lessons link will pull up the entire catalogue, which can be filtered by one of the supported languages.

Entering a lesson pulls up a clean-looking page, with the lesson content to the left and a progression tracker to the right.

When scrolling the content, everything remains well laid out and accessible. Whilst it doesn't have that exciting gamified styling provided by Secure Code Warrior, it certainly provides a clean and pleasant learning environment.

Lesson content

Lessons are currently based on 7 different languages:

  • JavaScript
  • Java
  • Pyhon
  • C#
  • Python
  • Go
  • Kubernetes

Each language has a variable number of lessons that are based on the top common weaknesses found in code scanned by the Snyk SCA tool.

At the time of writing, 27 different interactive lessons are available covering things like SQL injection, Cross-Site Scripting and big-hitting vulnerabilities like Spring4Shell.


There isn't a massive amount of content at the moment. Java and Javascript have the most lessons with a count of 6, Python has 4, PHP has 3, and the remainder only 2.

The learning experience

Each lesson is broken down into manageable chunks. You can track your progress using the menu on the right-hand side and easily navigate through the different sections.

You do not need to log in to participate in the lessons but its reccomended if you want to keep a record of your learning and keep up to date with new content

Learn about the vulnerability

The first section you encounter will give you some information about the vulnerability you are learning about. It's high-level and easy to understand; for example, the SQL injection introduction is as follows:

Lesson overview

You are given easy-to-understand, clear objectives and goals for the interactive session and overall lesson. I love the inclusion of the "fun fact" as it helps promote the casual and fun feel of the platform.


Multistage interactive exercise

Each interactive exercise has several stages. In these stages, you will be given specific instructions to execute using virtualised applications, browsers and terminals. Usage of real-life tools like Nmap and cURL bring a bit of realism to the exercise and help give a better insight into how the weakness can be exploited in the wild.


Getting Under the hood and understanding mitigation.

It's great to have hands-on experience of exploitations, but the technical aspect needs to be explained. Snyk learn does this well, providing detailed information via text, code snippets and diagrams to show you what is happening under the hood and how to protect yourself.

I particularly liked the code tour option as it continues the interactive theme keeping the student engaged ... there will be no falling asleep in this class!

Keep learning

A collection of quality, additional resources for those that want to deep dive into the top and learn more.

What do we think?

There lots to love about Snyk Learn

Interactive

I love interactive learning! Sitting in front of a corporate video with a multiple-choice; question extravaganza at the end isn't for me.

Developer focused

As with most Snyk products, this platform is developer focussed. It has a good balance of code, and offensive security, ensuring its target audience is educated but not overwhelmed. Budding offensive security professionals should take a look, Hack the Box, OFFSEC proving grounds, or my personal favourite, Try Hack Me would be a better option.

Limited but quality content

As far as content is concerned, there isn't a massive amount on the Snyk Learn portal at the moment, but what is there is well laid out, informative and fun. Knowing Snyk and how fast they operate, I'm sure we will see many more lessons appear as the platform matures.

Suitable for small teams and individuals

There is no centralised management for the learning. Because of this, It's not really suitable for large corporate environments, but for small teams or as an additional learning tool, Snyk Learn is a great option.

If you are looking for something that really works at scale check out Secure Code Warrior.

Useful integrations

Like other learning platforms, Snyk has embraced the microburst learning mentality by integrating Snyk Learn with its SCA platform and IDE. If a relevant vulnerability is identified, it automatically suggests the corresponding lesson.

As Snyk Learn doesnt require you to login, you could add the URL of a lesson to feature stories where you think there is a risk of the weakness being introduced. This will provide the developer with a handy on demand learing resource.

Summary

Snyk is continuing to expand and innovate in the application security space. It's great to see an offering of this quality being made freely available, I'm really looking forward to seeing how this platform develops over time.

Comments

Share your thoughts and ideas:

Tags

Scott Mitchell

Experienced AppSec leader and enabler. I have progressed from being "the security guy" to creating and leading a global security program. Sharing knowledge and learning from others is my passion.