Learn Cybersecurity
A Pro course on the security work developers actually do day to day: authentication, input safety, and rate limiting. It is co-taught by Rachel Johnson and Jonathan Hill and runs about five hours.
Quick answer
This is Scrimba's Pro-tier security course, roughly 5 hours co-taught by Rachel Johnson and Jonathan Hill. It is practical application security for developers rather than abstract theory or penetration testing: thinking like an attacker, handling authentication and identity safely, validating and sanitising input, and protecting endpoints with rate limiting and throttling. It leans backend, and it is aimed at developers who build apps and want to stop shipping the common vulnerabilities.
Pro. Taught by Rachel Johnson.
Practical app security for developers: authentication, input safety, and rate limiting, taught by editing real code.
Is it worth your time?
Most developers learn security the hard way, by shipping a bug and reading the incident report. This course is the cheaper alternative: it walks through the vulnerabilities that actually show up in real apps and how to defend against them, with two instructors who keep it grounded in code. The input safety and rate limiting modules in particular cover ground that a lot of self-taught developers never get taught explicitly.
The honest caveat is the framing. Despite the broad name, this is application security for builders, not a general cybersecurity course. It will not cover network security, malware analysis, security certifications, or red-team tooling. If you came expecting an ethical-hacking curriculum, this is not that; it is about writing more secure apps.
What you'll learn
Course curriculum
4 modules
- Think Like a Security-Minded Developer
- Authentication and Identity
- Input & Data Safety
- Rate Limiting & Throttling
The course opens by reframing how you look at your own code, learning to ask where an attacker would push. From there it gets concrete: authentication and identity covers doing logins and sessions safely; input and data safety, the longest module, covers validating and sanitising what users send so you avoid the classic injection and data-handling bugs; and rate limiting and throttling covers protecting endpoints from abuse and brute force. The two shorter modules set up the mindset; the two longer ones do the hands-on defending.
Who it's for, and who should skip it
It fits developers who already build apps, especially anything with a backend, and want to harden them. It is a strong fit for anyone on the Backend Developer Path or building APIs.
Skip it if you are a complete beginner who has not built an app yet; the material assumes you understand how requests, auth, and data flow through an application. Skip it too if you wanted general cybersecurity or ethical hacking rather than app-level defence.
Prerequisites
Practical web development experience: you should understand how a client and server exchange requests, what authentication and sessions are for, and how an app handles user input. Backend familiarity (such as Node or Express) helps, since several examples are server-side.
Where it fits
This course is a standalone Pro course rather than a named path member, but it sits naturally alongside backend work on the Backend Developer Path. It pairs well after a framework course like Learn Express.js, where the auth and input topics map directly onto code you can already write.
Free or Pro
This is a Pro course, so it needs a Scrimba subscription. Pro also covers the full career paths, the coding challenges, the Discord, and certificates. See current plans for what Pro costs in your region.
Strengths and limits
What it does well: it teaches the security topics that genuinely bite working developers, it is co-taught with code throughout, and it covers input safety and rate limiting in real depth rather than a passing mention.
Where it is limited: the broad name oversells the scope, since this is app security rather than general cybersecurity; it assumes you can already build apps; and it sits behind Pro.
Related courses and comparisons
- Learn Express.js, where the auth topics apply directly
- Learn Node.js, the backend foundation
- Learn Firebase, for managed auth and data
- Scrimba vs Boot.dev, if you are weighing backend-focused platforms
No. It is a Scrimba Pro course, so it requires a subscription. Pro also unlocks the career paths, challenges, and certificates.
No. It is application security for developers, covering authentication, input safety, and rate limiting. It does not cover network security, ethical hacking, or security certifications.
It is co-taught by Rachel Johnson and Jonathan Hill, with hands-on code throughout the Scrimba player.
It helps. Several examples are server-side, and the material assumes you understand how requests, auth, and user input flow through an app. A framework like Express is good background.
About 5 hours of interactive content. Most learners spread it over one to two weeks of regular practice.