Security Labs Courses

Practice SQLi on an app that uses SQLite to retrieve data.

Defend against SQL injection using an app that returns data from an H2 database

Use SQLi to return sensitive data, then properly parameterize queries to avoid injection attacks.

Indirectly reveal sensitive data using SQL ‘sleep’ commands.

Enforcing server-side and client-side password requirements for users.

Encrypting user passwords securely.

SQLi and poor hashing lead to exposed passwords.

Force browse to an unprotected page to discover confidential information.

Verbose error messages lead to exposed sensitive data.

Use exposed information in stack traces to exploit a vulnerable application.

Force an application to throw an error and leak sensitive data in a stack trace.

Unsafe entity parsing reveals the contents of server files.

Get access to sensitive data by injecting custom XML.

Retrieve a system file by injecting custom XML, then defend against XXE.

Unsafe entity parsing reveals the contents of server files.

Tamper with an insecure cookie for privilege escalation.

Decrypt cookies and hijack another user account.

Modify JWTs by exploiting knowledge of an insecure secret key.

Modify JWTs by exploiting knowledge of an insecure secret key.

Access hidden attributes to take unauthorized actions.

Escalate JWT user privileges by exploiting knowledge of an insecure secret key.

Practice exploiting simple cross-site scripting vulnerabilities to deliver JavaScript payloads.

Exploit stored cross-site scripting via "image" uploads.

Content Security Policy to prevent XSS and other code injection.

Exploit a non-persistent XSS vulnerability in a poorly protected app.

Exploit directory traversal and persistent XSS vulnerabilities in a poorly protected app.

Defense in depth using CSP against XSS attacks.

Cause XSS through improper sanitization and poor variable handoff with Angular.

Cause XSS through improper sanitization and poor variable handoff with React.

Cause XSS through improper sanitation and poor variable handoff with Angular.

A vulnerable serialization library allows dangerous user payloads.

View non-public posts by supplying a document query as user input.

Defend against NoSQL IDOR on a NodeJS app that uses MongoDB to store and retrieve data.

Use pickling to reveal the code of the underlying application.

Exposed, unhashed user IDs are modifiable by users.

Find and exploit vulnerabilities in an outdated Java Spring application.

Find and upgrade an outdated, vulnerable dependency.

Brute-force a user's password on a non-rate-limited login page.

Bruteforce a user's credentials, then implement rate limiting.

Sniff a user's credentials via insecure HTTP requests.

URL redirects cause users to automatically visit untrusted sites.

Work around a URL redirect safety check, then provide an allowlist.

Cause a user to take unexpected, pre-authenticated actions.

A clickjacking attack tricks users into taking intended actions.

Cause XSS through improper sanitization and poor variable handoff with React.

Learn about a feature of HTML that can leave your React app open to XSS.

React's dangerouslySetInnerHtml and markdown rendering craft a malicious href.

Shell commands to navigate around directories and modify files.

Navigate files and folders more efficiently, and search for file contents.

Preview the contents of files; create new folders and move files around.

Use Nano, a basic text editor, for creating and editing files.

Common encoding patterns, cryptographic techniques, and command line tools.

Automate tasks by writing and running basic scripts in bash.

Find (not so) carefully hidden pages.

Log in with other users' accounts via SQL injection.

Reflected and persistent XSS attacks of increasing difficulty.

Retrieve a list of all user credentials via SQL injection.

Access and modify another user's shopping cart.

Access unprotected confidential documents.

Redirect from the Juice Shop to external untrusted sites.

Improper input validation in user file uploads.

Provoke an error that is not very gracefully handled.

Learn how to acquire a disk image using the forensic tool dc3dd.

Hard disk image analysis with the sleuthkit (TSK), a standard forensic tool.

Uncover evidence of an attack by analyzing a system's logs.

View and modify the metadata associated with multimedia files.

A banned function header prevents the compilation of programs using unsafe functions.

A side-channel timing attack reveals sensitive information.

An RSA implementation allows for invalid bit shifts.

A program that checks user input against a password file leaves sensitive data in memory.

An encryption program allows system files to be overwritten through a race condition.

A note-taking program copies strings to the heap unsafely.

A program to add golf scores is susceptible to overflowing.

A message parsing utility uses unsafe range checks.

Use integer coercion to log in as an admin user.

A program to parse input from a file iterates unsafely, resulting in leaked data.

A program to display high scores trusts user input, leading to multiple vulnerabilities.

A date parsing and formatting utility allows for buffer over-reads.

A trivia program reveals sensitive data by poorly tracking player scores.

A Scrabble score calculator copies user input unsafely.

An HTML rendering engine parses input unsafely, keeping a deallocated pointer accessible.

Poor use of mutex locks leads to exceptions.

De-identify and limit or do not collect sensitive user data.

Let users actively choose to give consent for clear, specific data collection, as well as opting out.

Let users see their stored data, delete their data, and have the 'right to be forgotten.

Let users supply corrections to their data.

Let users export their data in a machine-readable format.

How to handle custom protocol in different operation systems and launching applications using custom browser protocols.

How to securely store secret credentials or API keys that you need to have in your app.

Prevent attackers from accessing resources that they should not be able to access.

Best practices for logging  when developing a mobile application.

Explore the Security Labs environment and learn how to use lesson step features.

Learn how attackers crack a password hashed with SHA-512 using rainbow tables, then learn how to prevent it.

Best practices when it comes to user passwords, including sensible ways and really, really bad ways to enforce user password requirements.

Learn how to create stronger object IDs to discourage malicious users from being able to attack your API at the object level.

Learn how to remediate object-level authorization vulnerabilities to protect the objects from unauthorized clients.

In this lesson, you will learn:

• How exception messages can reveal information to attackers
• How the debug mode compromises the security
• To protect your API from excessive data exposure

In this lesson, you will learn:

• The JSON responses in API reveal information to attackers
• The difference between response models and the domain models
• How to organize your code to avoid revealing internal information
• How to organize your code to increase maintainability

In this lesson, you will learn:

• How attackers perform brute-force attacks
• How to set up password requirements
• How to apply rate limit to the login process

In this challenge, you will learn:

• How attackers guess passwords by brute-force attacks
• How the implementation of rate-limiting prevents password guessing

Don't let attackers drain your computational resources, be prepared with this lesson where you will learn about Denial of Service and how to avoid it.

In this lesson, you will learn:

• How API endpoints structure can be exploited by attackers
• How attackers scan for hidden API endpoints
• How to implement policies to protect API endpoints

In this lesson, you will learn:

• How API payloads can be exploited by attackers
• How to control model properties to avoid unauthorized access
• How to apply the separation of concern principle to your models

In this challenge, you will use your knowledge to:

• Query the system tables to access database table and column information using SQL injection
• Get access to private information using data collected from system tables

Parameterize a query to avoid SQL Injection

In this lesson, you will learn:

• How to verify that queries are vulnerable to SQL Injection

How to parameterize the queries to avoid SQL Injection

In this lesson, you will learn:

• How SQL injection attacks work
• How attackers get access to sensitive content using SQL Injection

The best practices to avoid SQL Injection

In this challenge, you will use your knowledge to:

• Get access to a source code file through XML
• Remediate the XML external entity vulnerability

In this lesson, you will learn:

• How the XML external entity attack works
• How attackers get access to private resources using malicious XML payloads
• How to avoid the XML external entity attack

In this challenge, you will use your knowledge to:

• Decode JSON Web Tokens (JWT)
• Modify token claims to authenticate as an admin user
• Modify old tokens to make them valid

In this lesson, you will learn:

• How to Decode JSON Web Tokens (JWT)
• How attackers modify JWTs
• The best practices to protect secret keys

• How server-side request forgery works. 
• How attackers get access to sensitive content using SSRF.
• The best practices to avoid SSRF vulnerabilities.

In this lesson, you will learn:

• How attackers scan API routes to find other environments
• How security failures in non-production environments can affect the entire system
• How to protect API deployments in multiple environments

In this lesson, you will learn:

• The importance of logging for detecting some attacks on your API
• How to produce good log entries
• How logging is related to monitoring tools

In this lesson, you will learn:

• The different levels to implement logging
• How to implement logging at the API infrastructure level
• The importance of monitoring tools to detect anomalous activities in your API

Learn how attackers can use CRLF injection to flood log files with false events and how to remediate CRLF vulnerabilities (CWE-117).

In this lesson, you will learn that insecure design decisions can lead to vulnerabilities at every level of an application.

In this lesson, you will learn how insufficient validation of user data can lead to impacts on the usability and integrity of a site.

In this lesson, you will learn how information leakage can lead to the exposure of sensitive data.

• In this lesson, you will learn how information leakage can lead to the exposure of sensitive data.

Memory management might seem like a problem from the distant past, but it can still cause issues if not implemented properly.

Resources can become unavailable when either hard limitations or software settings have been reached. CWE-404 describes Improper Resource Shutdown or Release issues that developers should avoid.