Skip to main content

Training updates - Commercial

· 7 min read

The updates on this page apply to Veracode Security Labs and Veracode eLearning. Security Labs is only supported in the Commercial Region. eLearning is supported in all Veracode regions.

February 7, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • New OWASP 1: Forging User Requests (.NET)

OWASP API Security Top 10 labs

  • New OWASP API 10: The Importance of Logging and Monitoring (Java)
  • New OWASP API 10: Logging in the API Infrastructure (Java)

January 16, 2024

New Security Labs lesson

OWASP API Security Top 10 labs

  • New OWASP API 9: Unprotected Deployments (Java)

December 6, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

  • New OWASP 1: Redirect Rodeo (.NET, JavaScript)
  • New OWASP 8: Prototype Protection Agency (JavaScript)

OWASP API Security Top 10 labs

  • New OWASP API 8: Own the Database (Java)
  • New OWASP API 8: Parameterize All the Things (Java)
  • New OWASP API 8: Bobby Tables (Java)

November 1, 2023

New Security Labs lessons

OWASP API Security Top 10 labs

  • New API 7: Jot Down This Key (Java)
  • New API 7: Secret Admin (Java)
  • New API 7: eXternal Entity (Java)
  • New API 7: XML is Always a Challenge (Java)

May 3, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New OWASP 10: Get There From Here (Python, Go)

April 5, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New OWASP 10: Get There From Here (.NET, Flask)

OWASP API Security Top 10 labs

  • New API 5: Neglected Endpoints (Java)
  • New API 6: Bad Design Compromises Security (Java)
  • New API 6: Bad Design Compromises Security (.NET) (revamped!)

March 1, 2023

New Security Labs lessons

Getting Started Labs

New Getting Started - Lesson Zero (Flask, Go, Python)

OWASP Top 10 2021 labs

  • New OWASP 1: Broken Access Control - Secrets in the Log (Java)
  • New OWASP 4: Making Secure Decisions (Flask, Go, Python)

OWASP API Security Top 10 labs

  • New API 4: Slow Down (Java)
  • New API 4: Brute Force (Java)
  • New API 4: Denial of Service (Java)

February 1, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

  • New OWASP 1: Broken Access Control - Loose Lips Sink Servers (Dotnet)
  • New Beyond OWASP Top 10: Other Web App Risks - Know Your Limits (Java)

OWASP API Security Top 10 labs

  • New API 3: Bugs in Debug (Java)
  • New API 3: Revealing Schemas (Java)

January 4, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New Beyond OWASP Top 10: Other Web App Risks - Do You Remember? (Dotnet)

OWASP API Security Top 10 labs

  • New API 2: Really, Really Bad Passwords (Java)
  • New API 2: Terrible Password (Java)

December 6, 2022

New Security Labs lessons

OWASP Top 10 2021 labs

  • New OWASP 4: Insecure Design - Insecure Decisions (Dotnet, Java)
  • New OWASP 4: Making Secure Decisions (Java)

OWASP API Security Top 10 labs

  • New API 1: One ID to Access All Objects (Java)
  • New API 1: Stronger IDs (Java)

Getting Started Labs

New Getting Started - Lesson Zero (Java, Node)

November 1, 2022

New Security Labs lessons

OWASP Top 10 2021 labs

  • New OWASP 1: Broken Access Control - Loose Lips Sink Servers (Node)
  • New OWASP 4: Insecure Design - Valid Deficit (Dotnet)

OWASP API Security Top 10 labs

New API 4: Lack of Resources & Rate Limiting - Denial of Service

October 4, 2022

New Security Labs lessons

OWASP Top 10 2021 labs

  • New OWASP 4: Insecure Design - Valid Deficit (Node)
  • New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Dotnet, Java)

September 26, 2022

Topic Progress Bar Now Focused on Required Labs

In Security Labs, the progress bar for a topic now shows the completion status for required labs only. If all required labs in a topic are complete, the progress bar shows 100% completion, even when there are incomplete optional labs.

September 6, 2022

One New Security Labs Lesson

OWASP Top 10 2021 labs

New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Node)

August 24, 2022

New Click-Through Tour

August 3, 2022

Three New API Security Labs Lessons

OWASP API Security Top 10 labs

  • New API 9 Improper Assets Management - Unprotected deployments (.NET)
  • New API 10 Insufficient Logging & Monitoring - The Importance of Logging and Monitoring (.NET)
  • New API 10 Insufficient Logging & Monitoring - Logging in the API Infrastructure (.NET)

July 6, 2022

Seven New API Security Labs Lessons and One Updated OWASP Course

OWASP API Security Top 10 labs

  • New API 7 Security Misconfiguration - Jot down this key (.NET)
  • New API 7 Security Misconfiguration - Secret Admins (.NET)
  • New API 7 Security Misconfiguration - eXternal Entity (injection) (.NET)
  • New API 7 Security Misconfiguration - XML is always a Challenge (.NET)
  • New API 8 Injection - Own the database (.NET)
  • New API 8 Injection - Parameterize all the things (.NET)
  • New API 8 Injection - Bobby Tables (.NET)

OWASP Top 10:2021:10 Server-Side Request Forgery

New Get There From Here (Node)

June 30, 2022

Updated One eLearning Learner Level Course and Added Two New AppSec Tutorials

  • Updated the OWASP 2017 course to OWASP 2021 on Learner Level 1
  • Added two new AppSec Tutorials on Learner Level 2

June 1, 2022

The Security Training Team Released Two New API Security Courses and Updated Eight OWASP Courses

OWASP API Security Top 10 labs

  • API5:2019 Neglected endpoints (.NET)
  • API6:2019 Bad Design Compromises Security (.NET)

OWASP Top 10 2021 labs

See the Course Catalog for more details.

  • A01:2021 Broken Access Control
  • A02:2021 Cryptographic Failures
  • A03:2021 Injection
  • A05:2021 Security Misconfiguration
  • A06:2021 Vulnerable and Outdated Components
  • A07:2021 Identification and Authentication Failures
  • A08:2021 Software and Data Integrity Failures
  • A09:2021 Security Logging and Monitoring Failures

May 19, 2022

The Security Training Team Released Three New eLearning Courses and Updated One Course

  • Updated A04: eLearning Secure Architecture and Design
  • New OWASP Top 10 2021
  • New A10: Server-Side Request Forgery AppSec Tutorial
  • New A08: Software and Data Integrity Failures AppSec Tutorial

May 4, 2022

The Security Training Team Released Seven Labs

OWASP API Security Top 10 Labs:

  • API3:2019 Excessive Data Exposure - Bugs in Debug (.NET)
  • API3:2019 Excessive Data Exposure - Revealing Schemas (.NET)
  • API4:2019 Lack of Resources and Rate Limiting - Slow Down (.NET)
  • API4:2019 Lack of Resources and Rate Limiting - Brute Force (.NET)

OWASP Top 10 2021 Labs:

  • A04:2021 Insecure Design - Making Secure Decisions (.NET)
  • A08:2021 Software and Data Integrity Failures - Sleeping With the Enemy (.NET, Node)
  • A10:2021 Server-Side Request Forgery - Get There From Here (Java)

April 6, 2022

Two New Labs

  • OWASP API #1 - Broken Object Level Authorization
  • OWASP API #2 - Broken User Authentication