Skip to main content

Security Labs course catalog

You can use this interactive catalog to browse the current Security Labs courses. For the latest updates on these courses, see Training updates.

Learners can only access lessons that are assigned to them and the assigned lessons must be associated with an active campaign. To grant learners access to all major core lessons, an administrator can assign the All core labs focus without entering an end date.

Lessons are tagged with related Common Weakness Enumerations (CWEs) based on the MITRE framework. The CWEs listed indicate the related Pillar, Class, Base, and Variant CWEs for each lesson. If a CWE also has an assigned Likelihood of Exploit metric value, this value appears next to the CWE for the associated lesson with information about the vulnerability severity and prevalence.


Security Labs – Getting Started

Welcome to Security Labs! This topic helps you become familiar with the lab environment, so you can successfully find and remediate vulnerabilities while taking lessons.

Lesson Zero

.NET
10 pts
Java
10 pts
Node.js
10 pts
Go
10 pts
Python Django
10 pts
Python Flask
10 pts

OWASP 1: Broken Access Control

Access control failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.

To Protect and To Serve Secure Cookies

Tamper with an insecure cookie for privilege escalation.

CWE-1275CWE-1345CWE-284CWE-Medium
Python Django
20 pts
.NET
20 pts
Python Flask
20 pts
Rails
10 pts
Go
20 pts
Node.js
10 pts
PHP
10 pts
Scala
10 pts

Fix the Sessions

Tamper with user sessions to authenticate as a different user.

CWE-1275CWE-1345CWE-284
Java
10 pts

Bad Cookie (Challenge)

Decrypt cookies and hijack another user account.

CWE-1345CWE-1354CWE-565CWE-565 CWE-642CWE-784CWE-High
Node.js
10 pts
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Rails
10 pts
Scala
10 pts

Loose Lips Sink Servers

Leaking sensitive information can lead to account and server compromises.

CWE-1345CWE-199CWE-200CWE-201CWE-202CWE-598
Node.js
10 pts
.NET
10 pts

Secrets in the Log

While testing a new application, developers might write sensitive information to a log file, or log analyzer, which should not be included in a production system. It is critical that developers ensure no sensitive information is included in data that a malicious actor might be able to access, in either development or production systems.

CWE-201
Java
10 pts

Redirect Rodeo

Protect users by implementing secure redirect practices.

CWE-1345CWE-19CWE-601CWE-610
.NET
10 pts
Node.js
10 pts

Forging User Requests New

Cause a user to take unexpected, pre-authenticated actions.

CWE-1019CWE-1345CWE-345CWE-352
.NET
10 pts
New

OWASP 2: Cryptographic Failures

Failures related to cryptography (or lack thereof) often lead to exposure of sensitive data.

Bugs in Debug

Verbose error messages lead to exposed sensitive data.

CWE-1295CWE-1346CWE-259CWE-262CWE-328CWE-High
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Helpful Stack Trace (Challenge)

Provoke an error that reveals sensitive info, leading to privilege escalation.

CWE-1295CWE-1346CWE-259CWE-262CWE-328CWE-High
.NET
10 pts
Python Flask
10 pts
Python Django
10 pts
Rails
10 pts

Secret Logging (Challenge)

Force an application to throw an error and leak sensitive data in a stack trace.

CWE-1295CWE-1346CWE-259CWE-262CWE-328CWE-High
Python Flask
10 pts

OWASP 3: Injection

Exploiting and preventing SQL injection attacks that access sensitive data. Reflected and persistent cross-site scripting attacks. Content Security Policy.

Own the Database

Practice injection on a web app that uses a SQL database to retrieve data.

CWE-1347CWE-89CWE-943CWE-High
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
PHP
10 pts
Rails
10 pts
Scala
10 pts

Parameterize all the things

Defend against injection using an app that returns data from a SQL-based database.

.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Timing is everything (Challenge)

Indirectly reveal sensitive data using SQL 'sleep' commands.

Python Django
10 pts
Python Flask
10 pts

Bobby Tables (Challenge)

Use SQLi to return sensitive data, then properly parameterize queries to avoid injection attacks.

.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Can you see your reflection?

Practice exploiting simple cross-site scripting vulnerabilities to deliver JavaScript payloads.

CWE-1347CWE-74CWE-79CWE-80CWE-87CWE-High
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts
PHP
10 pts

Down with Uploads

Stored XSS and directory traversal via "image" uploads.

CWE-1347CWE-1348CWE-434CWE-74CWE-79CWE-80CWE-Medium
.NET
20 pts
Java
20 pts
Python Flask
20 pts
Node.js
20 pts
Python Django
20 pts
Scala
10 pts
PHP
10 pts

Alert (Challenge)

Exploit a non-persistent XSS vulnerability in a poorly protected app.

CWE-1347CWE-74CWE-79CWE-80CWE-87CWE-High
Python Flask
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Scala
10 pts

Persistence (Challenge)

Exploit directory traversal and persistent XSS vulnerabilities in a poorly protected app.

CWE-1345CWE-1347CWE-22CWE-23CWE-24CWE-73CWE-74CWE-High
Python Flask
20 pts
Java
10 pts
Node.js
20 pts
Python Django
20 pts
Rails
10 pts

Reflected XSS and input formatting

Cross-site scripting vulnerabilities with HTML input validation

CWE-1347CWE-74CWE-79CWE-80CWE-87CWE-High
Rails
10 pts

Stored XSS versus CSP

Defense in depth using CSP against XSS attacks.

CWE-1347CWE-1348CWE-434CWE-74CWE-79CWE-80CWE-Medium
.NET
20 pts
Node.js
20 pts
Scala
20 pts

Check your sources

Content Security Policy to prevent XSS and other code injection.

Java
20 pts
Python Django
20 pts

Angular HTML and URL sanitization

Cause XSS through improper sanitization and poor variable handoff with Angular.

Rails
10 pts

Angular ERB sanitization

Cause XSS through improper sanitization and poor variable handoff with Angular.

Rails
10 pts

OWASP 4: Insecure Design

Failing to initially think about and address security vulnerabilities at the design phase can lead to vulnerabilities and defects.

Making Secure Decisions

Insecure design decisions can lead to vulnerabilities at every level of an application.

CWE-1348CWE-657CWE-710
Node.js
10 pts
Java
10 pts
.NET
10 pts
Python Flask
10 pts
Python Django
10 pts
Go
10 pts

Valid Deficit

CWE-1173 occurs when an application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

CWE-1173CWE-1174CWE-1215CWE-1348CWE-20
Node.js
10 pts
.NET
10 pts
Java
10 pts

OWASP 5: Security Misconfiguration

Generating and storing secret keys securely.

Jot down this key

Modify JWTs by exploiting knowledge of an insecure secret key.

CWE-1349CWE-287CWE-312CWE-321CWE-798CWE-High
.NET
10 pts
Java
10 pts
Node.js
20 pts

Bulky Updates

Access hidden attributes to take unauthorized actions.

CWE-1349CWE-1354CWE-913CWE-915
Rails
10 pts

Can you keep a secret?

Generate a working session token for another user by exploiting knowledge of an insecure secret key.

CWE-1349CWE-287CWE-312CWE-321CWE-798
Python Flask
10 pts
Go
20 pts
Node.js
10 pts
PHP
10 pts
Python Django
20 pts
Scala
10 pts

Secret Admin (Challenge)

Escalate JWT user privileges by exploiting knowledge of an insecure secret key.

CWE-1349CWE-287CWE-312CWE-321CWE-798
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Rails
10 pts
Scala
10 pts

eXternal Entity (injection)

Unsafe entity parsing reveals the contents of server files.

CWE-1347CWE-1349CWE-610CWE-611
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

XML is always a... (Challenge)

Get access to sensitive data by injecting custom XML.

CWE-1347CWE-1349CWE-610CWE-611
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

External Resolution (Challenge)

Retrieve a system file by injecting custom XML, then defend against XXE.

CWE-1347CWE-1349CWE-610CWE-611
Python Flask
10 pts

OWASP 6: Vulnerable and Outdated Components

Keep tabs on outdated dependencies with known security weaknesses.

Suspicious Packages

Find and exploit vulnerabilities in outdated packages.

CWE-1104CWE-1320CWE-1352CWE-1357
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Rails
10 pts
PHP
10 pts
Scala
10 pts

Outdated Dependencies (Challenge)

Find and upgrade an outdated, vulnerable dependency.

CWE-1104CWE-1320CWE-1352CWE-1357
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Rails
10 pts
Scala
10 pts

OWASP 7: Identification and Authentication Failures

Enforcing user password requirements and properly encrypting passwords.

Really, really bad passwords

Enforce server-side password requirements and hash passwords securely.

CWE-1353CWE-287CWE-521CWE-High
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Hash it, store it, salt - upgrade it

Encrypting user passwords securely.

CWE-1346CWE-1353CWE-327CWE-759CWE-760CWE-916CWE-High
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts
.NET
10 pts

Authentication Bypass

"Force browse" to an unprotected page to discover confidential information.

CWE-1345CWE-1353CWE-285CWE-425CWE-862CWE-High
Go
10 pts
Node.js
10 pts

Terrible Password (Challenge)

SQLi and poor password hashing lead to exposed user accounts.

CWE-1346CWE-1353CWE-327CWE-759CWE-760CWE-916CWE-High
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Node.js
10 pts
Rails
10 pts
Scala
10 pts

OWASP 8: Software and Data Integrity Failures

It is a new category for 2021, focusing on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. One of the highest weighted impacts from Common Vulnerability and Exposures/Common Vulnerability Scoring System (CVE/CVSS) data mapped to the 10 CWEs in this category. A8:2017-Insecure Deserialization is now a part of this larger category.

Sleeping With the Enemy

Investigate the integrity of a useful third-party library.

CWE-1214CWE-1354CWE-829CWE-830
.NET
10 pts
Node.js
10 pts

In a Pickle

Data serialization leads to dangerous user-provided payloads.

CWE-1354CWE-399CWE-502CWE-913CWE-Medium
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Python Django
10 pts
PHP
10 pts
Scala
10 pts

Deserialization (Challenge)

Use pickling to reveal the code of the underlying application.

CWE-1354CWE-399CWE-502CWE-913CWE-Medium
Python Flask
10 pts
Java
10 pts

Mongo: like SQL, but messier

View non-public posts by supplying a document query as user input.

Node.js
10 pts

Tell Mongo "no-go" for untrusted code

Defend against NoSQL IDOR on a NodeJS app that uses MongoDB to store and retrieve data.

CWE-566CWE-639
Node.js
10 pts

User-Provided Users

Exposed, unhashed user IDs are modifiable by users.

CWE-566CWE-639
Rails
10 pts

Prototype Protection Agency

Lax or missing input validation can lead to data corruption.

CWE-1321CWE-1354CWE-502CWE-915
Node.js
10 pts

OWASP 9: Security Logging and Monitoring Failures

Rate-limit sensitive actions and block attacks as they happen.

Slow Down

Brute force a user's password on a non-rate-limited login page.

CWE-1348CWE-1355CWE-307CWE-770CWE-799
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Rails
10 pts
PHP
10 pts
Scala
10 pts

Brute Force (Challenge)

Brute force a user's password on a non-rate-limited login page.

CWE-1348CWE-1355CWE-307CWE-770CWE-799
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Rails
10 pts

Hold the Line

Learn how attackers use CRLF injection to flood log files with false events and how to remediate a CRLF vulnerability.

CWE-116CWE-117CWE-1355CWE-93
Node.js
10 pts
.NET
10 pts
Java
10 pts

OWASP 10: Server-Side Request Forgery

SSRF flaws can occur when a web application fetches a remote resource without validating the user-supplied URL.

Get there from here

CWE-1356CWE-441CWE-610CWE-918
Java
10 pts
Node.js
10 pts
.NET
10 pts
Python Flask
10 pts
Python Django
10 pts
Go
10 pts

Beyond OWASP Top 10: Other Web App Risks

This module contains the CWEs, vulnerabilities, and flaws that don't quite fit into the OWASP Top 10 categories.

Do You Remember?

Memory management might seem like a problem from the distant past, but it can still cause issues if not implemented properly.

CWE-399CWE-404CWE-772
.NET
10 pts

Know Your Limits

Resource limits can be exceeded when either hard limitations, or software settings have been reached. CWE-404 describes Improper Resource Shutdown or Release weaknesses that should be avoided.

CWE-399CWE-404CWE-770CWE-772
Java
10 pts

OWASP API 1: Broken Object Level Authorization

APIs can expose endpoints that handle object identifiers. Checks should be considered in every function that accesses a data source using input from the user.

One ID to Access All Objects

.NET
10 pts
Java
10 pts

Stronger IDs

.NET
10 pts
Java
10 pts

OWASP API 2: Broken User Authentication

Incorrectly implemented authentication mechanisms can allow attackers to compromise authentication tokens or to exploit implementation flaws to assume another user's identity.

Really, really bad passwords

.NET
10 pts
Java
10 pts

Terrible Password (Challenge)

.NET
10 pts
Java
10 pts

OWASP API 3: Excessive Data Exposure

While creating generic implementations, developers may expose object properties, relying on clients to filter data before displaying it to the user.

Bugs in Debug

.NET
10 pts
Java
10 pts

Revealing Schemas

.NET
10 pts
Java
10 pts

OWASP API 4: Lack of Resources & Rate Limiting

When APIs do not impose any restrictions on the size or number of resources that can be requested, it can affect performance, lead to DoS, and leave the system vulnerable to authentication flaws such as brute force.

Slow Down

.NET
10 pts
Java
10 pts

Brute Force (Challenge)

.NET
10 pts
Java
10 pts

Denial of Service

CWE-770
.NET
10 pts
Java
10 pts

OWASP API 5: Broken Function Level Authorization

Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular functions, can lead to authorization flaws. By exploiting these issues, attackers gain access to other users’ resources and/or administrative functions.

Neglected endpoints

.NET
10 pts
Java
10 pts

OWASP API 6: Mass Assignment

Binding client-provided data to data models, without proper (allowlist) filtering usually leads to Mass Assignment. Guessing or discovering object properties can allow attackers to modify object properties they should not.

Bad Design Compromises Security

.NET
10 pts
Java
10 pts

OWASP API 7: Security Misconfiguration

Security misconfiguration causes include unsecure default configurations, incomplete or ad-hoc configurations, open cloud storage, misconfigured HTTP headers, unnecessary HTTP methods, permissive, or verbose error messages containing sensitive information.

Jot down this key

.NET
10 pts
Java
10 pts

Secret Admin (Challenge)

.NET
10 pts
Java
10 pts

eXternal Entity (injection)

.NET
10 pts
Java
10 pts

XML is always a (Challenge)

.NET
10 pts
Java
10 pts

OWASP API 8: Injection

Injection flaws, such as SQL, NoSQL, Command Injection, and so forth can occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s malicious data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Own the database

.NET
10 pts
Java
10 pts

Parameterize all the things

.NET
10 pts
Java
10 pts

Bobby Tables (Challenge)

.NET
10 pts
Java
10 pts

OWASP API 9: Improper Assets Management

APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important. Proper hosts and deployed API versions inventory also play an important role to mitigate issues such as deprecated API versions and exposed debug endpoints.

Unprotected Deployments New

It is important for developers to add the same level of security to their development, test, QA, and other environments, as they do for production.

.NET
10 pts
Java
10 pts
New

OWASP API 10: Insufficient Logging & Monitoring

Insufficient logging and monitoring, along with ineffective integration with incident response, allows attackers to attack systems, maintain persistence, pivot to more systems to tamper with, and extract, or destroy data. The average time to detect a breach is over 200 days.

The Importance of Logging and Monitoring New

Log files are critical to enhance security. They provide a way to monitor how your API is being used, providing a way to avoid an underlying attack.

.NET
10 pts
Java
10 pts
New

Logging in the API Infrastructure New

The API infrastructure is offered by the technology stack and includes authorization, authentication, exception handling, routing, and so forth. Logging at the infrastructure level helps to detect attacks that would otherwise be impossible to detect at the API implementation level.

.NET
10 pts
Java
10 pts
New

Secure C++ Programming: Best Practices

Prevent the compilation of programs using unsafe functions with banned function headers.

Forbidden Functions

A banned function header prevents the compilation of programs using unsafe functions.

C++
10 pts

Time and Time Again

A side-channel timing attack reveals sensitive information.

C++
10 pts

Secure C++ Programming: Bitwise Shifts

Low-level operations with undefined results.

Shifty RSA

An RSA implementation allows for invalid bit shifts.

C++
10 pts

Secure C++ Programming: Compilers

Sensitive data leaked through insecure compiler optimizations.

Optimal Memory

A program that checks user input against a password file leaves sensitive data in memory.

C++
30 pts

Secure C++ Programming: Files

Overwriting system files through race conditions.

Race condition

An encryption program allows system files to be overwritten through a race condition.

CWE-367
C++
10 pts

Secure C++ Programming: Heap Overflows

Unsafe character arrays, null terminators, and use of GDB to examine heap memory.

Take Note!

A note-taking program copies strings to the heap unsafely.

CWE-122
C++
30 pts

Secure C++ Programming: Integer Overflows

Overflowing short integers and wraparound of unsigned integers.

Short Scores

A program to add golf scores is susceptible to overflowing.

CWE-190
C++
10 pts

Unsigned Messages

A message parsing utility uses unsafe range checks.

CWE-190
C++
20 pts

Coercive Login

Use integer coercion to log in as an admin user.

CWE-190
C++
10 pts

Secure C++ Programming: Iterators and Sequence Containers

Leaked data through unsafe iteration and unsafe access of container indices.

Go The Distance (but not too far)

A program to parse input from a file iterates unsafely, resulting in leaked data.

C++
10 pts

Pinball Wizard

A program to display high scores trusts user input, leading to multiple vulnerabilities.

C++
20 pts

Secure C++ Programming: Memory Management

Accessing freed memory when unsafe parsing keeps deallocated pointers accessible.

Use After Free

An HTML rendering engine parses input unsafely, keeping a deallocated pointer accessible.

CWE-416
C++
10 pts

Secure C++ Programming: Overreads

Buffer overruns common to parsing utilities, and the dangers of relying on side effects.

Passed Date

A date parsing and formatting utility allows for buffer over-reads.

C++
10 pts

Trivial Side Effects

A trivia program reveals sensitive data by poorly tracking player scores.

C++
10 pts

Secure C++ Programming: Stack Overflows

Unsafe string copying and incomplete string comparisons.

Triple Word Score

A Scrabble score calculator copies user input unsafely.

CWE-121CWE-170
C++
10 pts

Secure C++ Programming: Threads

Poor use of mutex locks leads to exceptions.

Lock down the threads

Poor use of mutex locks leads to exceptions.

C++
10 pts

General Application Security: Common React Pitfalls

Vulnerabilities frequently encountered in ReactJS application development.

React string sanitization

Cause XSS through improper sanitization and poor variable handoff with React.

Node.js
10 pts

Sneaky links

Learn about a feature of HTML that can leave your React app open to XSS.

Node.js
10 pts

Dangerously set HTML links

React's dangerouslySetInnerHtml and markdown rendering craft a malicious href.

Node.js
10 pts

General Application Security: Cross-Site Scripting (XSS)

Content Security Policy

CSP to prevent XSS and other code injection.

Python Django
20 pts
Node.js
20 pts

Persistent Cross-Site Scripting

Stored XSS and directory traversal via "image" uploads.

Python Django
20 pts
Node.js
20 pts

Reflected Cross-Site Scripting

Inject inline JavaScript into a Go template through JSON input.

Go
10 pts
Python Django
10 pts
Node.js
10 pts

General Application Security: User Data Privacy

An app to track users' jogging habits can benefit from improved data handling practices.

PII Storage

De-identify and limit or do not collect sensitive user data

Node.js
10 pts

Access and Erasure

Let users see their stored data, delete their data, and have the 'right to be forgotten'

Node.js
20 pts

Rectification

Let users supply corrections to their data

Node.js
10 pts

Data Portability

Let users export their data in a machine-readable format

Node.js
10 pts

Informed Consent

Let users actively choose to give consent for clear, specific data collection, as well as opting out

Node.js
10 pts

General Application Security: CWE-319 Cleartext Transmission of Sensitive Data

Sensitive traffic is sent over unencrypted HTTP.

See-through traffic

Sniff a user's credentials via insecure HTTP requests.

Node.js
10 pts
Go
10 pts

General Application Security: CWE-352 Cross-Site Request Forgery

Forge valid requests from authenticated users.

Forging user requests

Cause a user to take unexpected, pre-authenticated actions.

CWE-352
Python Django
10 pts
Rails
10 pts
Go
10 pts

General Application Security: CWE-601 Open Redirects

Unchecked URL redirection to untrusted sites.

The Art of Redirection

URL redirects cause users to automatically visit untrusted sites.

CWE-1345CWE-19CWE-601CWE-610
Node.js
10 pts

No Going Back (Challenge)

Work around a URL redirect safety check, then provide an allowlist.

CWE-1345CWE-19CWE-601CWE-610
Node.js
10 pts

General Application Security: CWE-1021 Improper Restriction of Frames

A lack of response header allows the application to load in an external frame.

You've been framed

A clickjacking attack tricks users into taking intended actions.

Rails
10 pts

Mobile Security

Writing more secure mobile applications.

Custom URL Handling

Explore custom URL schemes, used to allow other applications to request that your app take some action.

Kotlin
10 pts
Swift
10 pts

Secrets Storage

Explore how shared secrets can be vulnerable to attack.

Kotlin
10 pts
Swift
10 pts

Forced Browsing & API Security

Explore how a forced browsing attack can occur when a malicious actor locates unlinked contents.

Swift
10 pts

Mobile Logging

Explore the role of application logging.

Swift
10 pts

PCI: Broken Authentication & Session Management

Secret key management

Modify JWTs by exploiting knowledge of an insecure secret key.

Python Django
20 pts

Secure session cookies

Tamper with an insecure cookie to hijack another user's account.

Python Django
20 pts
Node.js
10 pts

Cookie hijack (Challenge)

Decrypt cookies and hijack another user account.

Node.js
10 pts

PCI: Improper Access Control

Pickling and deserialization

Access restricted content via insecure serialized input.

Python Django
10 pts

NoSQL with Mongo

View non-public posts by supplying a document query as user input.

Node.js
10 pts

Open redirects

URL redirects cause users to automatically visit untrusted sites.

Node.js
10 pts

PCI: Improper Error Handling

Debug mode in production

Verbose error messages lead to exposed sensitive data.

Python Django
10 pts
Node.js
10 pts

Stack Trace (Challenge)

Use revealing errors to gain admin permissions.

Python Django
10 pts

PCI: Injection Flaws

SQL injection

Use SQL injection to give yourself superuser privileges.

Python Django
10 pts
Go
10 pts
Node.js
10 pts

Parameterize queries

Defend against injection attacks by using safe database lookups.

Python Django
10 pts
Go
10 pts
Node.js
10 pts

Bobby Tables SQLi (Challenge)

Use SQLi to return sensitive data, then properly parameterize queries to avoid injection attacks.

Python Django
10 pts
Go
10 pts
Node.js
10 pts

PCI: Insecure Cryptographic Storage

Storing password hashes

Encrypting data to store sensitive information securely.

Python Django
10 pts
Node.js
10 pts

Terrible Password (Challenge)

SQLi and poor hashing lead to exposed passwords.

Node.js
10 pts

PCI: Other High-Risk Vulnerabilities

Outdated third-party dependencies

Keep tabs on outdated packages with known security weaknesses.

Python Django
10 pts
Node.js
10 pts

Bash Terminal Usage: Beginner

Navigate around system file and folders using the bash shell.

Introduction to Bash 1

Shell commands to navigate around directories and modify files.

Bash Shell
10 pts

Introduction to Bash 2

Navigate files and folders more efficiently, and search for file contents.

Bash Shell
10 pts

Introduction to Bash 3

Preview the contents of files; create new folders and move files around.

Bash Shell
10 pts

Bash Terminal Usage: Intermediate

Additional bash skills: text editing, scripting, and additional command line tools.

Encrypting, encoding and hashing

Common encoding patterns, cryptographic techniques, and command line tools.

Bash Shell
10 pts

Introduction to bash scripting

Automate tasks by writing and running basic scripts in bash.

Bash Shell
10 pts

Nano for text editing

Use Nano, a basic text editor, for creating and editing files.

Bash Shell
10 pts

DjanGoat

A vulnerable Django application for OWASP Top 10 practice challenges.

Sensitive Data Exposure (Challenge)

Python Django
10 pts

Cleartext Storage (Challenge)

Python Django
10 pts

Missing Function Level Access Control (Challenge)

Python Django
10 pts

DOM XSS (Challenge)

Python Django
10 pts

Insecure Direct Object Reference (Challenge)

Python Django
10 pts

SQL Injection Interpolation (Challenge)

Python Django
10 pts

SQL Injection Concatenation (Challenge)

Python Django
10 pts

Stored XSS (Challenge)

Python Django
10 pts

Command Injection (Challenge)

Python Django
10 pts

Credential Enumeration (Challenge)

Python Django
10 pts

Forensics

Work with disk images and investigate the contents of system files.

Creating a disk image

Learn how to acquire a disk image using the forensic tool dc3dd.

Forensics
10 pts

Metadata with ExifTool

View and modify the metadata associated with multimedia files.

Forensics
10 pts

Working with a disk image

Hard disk image analysis with the sleuthkit (TSK), a standard forensic tool.

Forensics
10 pts

Analyzing log files

Uncover evidence of an attack by analyzing a system's logs.

Forensics
20 pts

Juice Shop

Very vulnerable MEAN web app full of practice challenges.

Error Handling (Challenge)

Provoke an error that is not very gracefully handled.

Node.js
10 pts

Login Bypass (Challenge)

Log in with other users' accounts via SQL injection.

Node.js
20 pts

Credentials Dump (Challenge)

Retrieve a list of all user credentials via SQL injection.

Node.js
10 pts

XSS Levels (Challenge)

Reflected and persistent XSS attacks of increasing difficulty.

Node.js
30 pts

File Uploads (Challenge)

Improper input validation in user file uploads.

Node.js
10 pts

Hidden Pages (Challenge)

Find carefully hidden pages.

Node.js
10 pts

Confidential Documents (Challenge)

Access unprotected confidential documents.

Node.js
30 pts

Open Redirects (Challenge)

Redirect from the Juice Shop to external untrusted sites.

Node.js
20 pts

Account Hijack (Challenge)

Access and modify another user's shopping cart.

Node.js
20 pts