Skip to content

Security Journey vs. SecureFlag [2024]

Published on

Choosing the right secure coding training is a crucial decision for your software's security. With so many options, it's easy to get lost.  

In this article, we'll provide a clear, head-to-head comparison of Security Journey and SecureFlag so you can select the platform that will best protect your development process. 


Who is Security Journey?   

Founded in 2016, Security Journey built a reputation for its web-based application security training platform, focused on helping developers and security teams create more secure software.   

Since its 2022 acquisition by HackEDU, Security Journey has evolved into an even more powerful enterprise solution. The combined AppSec Education Platform now offers hands-on, secure coding training and video learning, giving learners a robust, programmatic way to integrate security principles into their daily work.  


Security Journey's AppSec Education Platform   

Security Journey’s AppSec Education Platform’s intuitive interface gives administrators a snapshot of critical information on an interactive map or list. Learners easily navigate diverse training paths, covering core security concepts and practical, role-based applications. 

Our comprehensive training solution gives your entire SDLC team the power to build secure software from the ground up. With multi-year programs offering over 1000 lessons across 45+ programming languages, technologies, and frameworks, we ensure every team member has access to the training they need to excel – regardless of their experience level. 

Read The Article: Security Journey Named ‘Easiest To Do Business With’ in G2 Spring 2024 Report

We understand that different team members have varying needs. Security Journey addresses this challenge with pre-built learning paths organized by three categories:  

  • Role-Based: With more than 12 distinct role-based paths developers, security professionals, and other SDLC members can target their training to the specific skills they need to excel in their positions.  
  • Compliance-Based: These paths ensure teams achieve compliance with industry standards such as OWASP, PCI DSS, and more.  
  • Topic-Based: Focused paths delve deep into specific topics such as AI/LLM or OWASP Top 10  

By leveraging these pre-built paths, administrators can confidently build a progressive security journey for their learners. This ensures that everyone on the team gains the proficiency required to build secure software.  

Our lessons offer flexibility to cater to different learning styles. While business roles such as project or product managers might  choose to watch videos or read lesson summaries, we know that development roles and security engineers would rather engage in hands-on programming experiments.  


Who is SecureFlag?   

SecureFlag is a software company based in London, UK that provides a platform for secure coding training. The platform offers development environments where developers, DevOps, and QA engineers can learn to identify and fix vulnerabilities through hands-on exercises.  


SecureFlag Platform 

SecureFlag's platform is a training solution that teaches developers, DevOps, and QA engineers secure coding principles.  The platform focuses on hands-on exercises within simulated development environments, allowing learners to practice identifying and addressing vulnerabilities in real-world scenarios. SecureFlag offers lessons across various programming languages and frameworks, emphasizing practical application alongside theoretical security concepts. 


Security Journey vs. SecureFlag 

Now, let’s compare Security Journey and SecureFlag side-by-side. The infographic summary is below. 

Technical Depth of Content  

Security Journey – Our platform offers a wide range of progressive lessons that cover basic vocabulary and deeply technical content to challenge Security Champions. Additionally, we cover topic areas other providers don't, such as AI/LLM.  

SecureFlag —SecureFlag offers a large number of labs with limited format variety that the admin must assemble into a logical learning path. 


Videos with Impact 

Security Journey - We offer conversational podcast-style videos featuring industry experts.  

SecureFlag – SecureFlag has a limited quantity of brief animated videos with voice-over. 


Hands-On Training Capabilities 

Security Journey – Customer has access to multiple types of lessons that require coding in a live web app to apply learned concepts with pre-warmed sandboxes for a positive learner experience. 

SecureFlag —The SecureFlag Platform contains a large amount of lab-style hands-on content, but the labs can take up to a minute to load. 


Customizable Role-Specific Learning Paths  

Security Journey – Our platform offers customizable, pre-built paths for compliance, topics, and more than a dozen discrete development team roles. 

SecureFlag SecureFlag offers customizable, pre-built learning paths based on the developers' language, level, or status. 


Security Champion Program Management  

Security Journey – The platform has a purpose-built function for tracking Security Champion's offline hands-on activities. 

SecureFlag - No function for managing security champion activities. 


Analytics & Insights 

Security Journey - Reporting can be filtered on any user property from SSO or SCIM and includes reports showing knowledge improvement. 

SecureFlag - Reporting functionality with separate reports for learning paths, labs, learners, competency score, and accuracy score.  


Customer Success and Service  

Security JourneyEach customer is assigned a CSM, and learners can access human-driven in-app chat during business hours. The guide is provided during onboarding to ensure an effective program.  

SecureFlag – There are few resources available to support customers and professional services based in Europe. 


Enterprise-Grade Features  

Security Journey SOC2 compliant to protect data, SSO and SCIM support for easy user management, WCAG support across all lessons (read more about security and accessibility).  

SecureFlag - SecureFlag doesn't appear to have any of these features. 


Product Focus 

Security Journey   Our team is 100% dedicated to training members of the SDLC to create more secure software. 

SecureFlag – SecureFlag is a small company that produces and sells both threat modeling and secure coding training products. 



Security Journey vs. SecureFlag: Which is Best?  

Finding the perfect secure coding training platform requires careful consideration of your organization's unique needs and budget.   

Use The Security Journey vs SecureFlag G2 Comparison Tool Here 

Here are some key questions to help you make the best choice:  

  • Focus - Do you need a comprehensive program that provides ongoing secure coding education for all SDLC roles, or are you depending on your developers to possess the most up-to-date security knowledge? 
  • Management - How important are ease of deployment and ongoing management? Do you prioritize these aspects or prefer a platform focused on detailed learner scoring?  
  • Support – What kind of support is included in the base cost?  

Read The Article: Essential Features for Your Secure Coding Training Platform: A Checklist for Admins 

The decision can be complex, but it's important to find a solution that delivers what your team needs. If you're looking for a platform that encourages ongoing developer engagement, produces securely coded applications, and simplifies long-term management, Security Journey's AppSec Education Platform would be a strong contender.