Skip to main content
Blackboard Help


Blackboard strives to be vigilant at building security into its products and providing prompt and carefully tested product updates. Customers can have confidence that Blackboard is following industry-accepted security practices. Blackboard develops Blackboard Learn™ according to a set of security engineering guidelines derived from many organizations such as the Open Web Application Security Project (OWASP), including specific countermeasures for OWASP Top Ten vulnerabilities. Blackboard incorporates these security practices in all phases of the software development lifecycle (SDLC).

Blackboard utilizes several methods to protect our applications including "top-down" security assessments through Threat Modeling and analysis as well as "bottom-up" code-level threat detection through static analysis, dynamic analysis, and manual penetration testing.

Blackboard follows best practice guidance from many organizations to help strengthen the security of Blackboard Learn's product and program. A few organizations are noted here:

  • National Institute of Standards and Technology (NIST)
  • European Network and Information Security Agency (ENISA)
  • SANS Institute
  • Open Web Application Security Project (OWASP)
  • Cloud Security Alliance (CSA)

Security threats and countermeasures surrounding Learning Management Systems are ever-changing. Thus, Blackboard regularly assesses its Product Security Roadmap. In the past year (2012), customers should have been able to feel a strong security presence and see demonstrable results. Customers can feel a presence of security on Behind the Blackboard with our detailed security advisories and patches, the EU Cookie Disclosure Building Block, downloadable Security Webinars, and a dedicated channel to report security issues, Recent security feature additions include: 

Blackboard Learn, Release 9.1 Service Pack 8

Customers can now run the latest Apache web server (no more bundled-with-Learn), new standardized security authentication logs, and SSL Offloading support.

Blackboard Learn, Release 9.1 Service Pack 10

Ability to render student-uploaded files more safely, to better sanitize student-entered HTML (Safe HTML Building Block), a new way to receive security updates even faster (Input Validation Filter Building Block), and a new Security API that Building Block Developers may leverage (complete with sample B2 to use it).

Blackboard Learn, Release 9.1 Service Pack 12

A new standardized security log. Industry accepted user password storage that uses the salted SHA-512 standard for institutions that use the internal authenticator.