About Security Labs Community Edition
Veracode Security Labs Community Edition is a free, lightweight version of Security Labs designed for individuals.
While the Enterprise Edition of Veracode Security Labs is geared toward professional development teams, the Community Edition offers selected topics and one-off labs for individuals who are looking to strengthen their security knowledge. The Community Edition is intended to help individuals to improve their secure coding skills. It lets you work with real applications, applying the latest tactics and security best practices with guidance, while exploring actual code on your own time.
To use the Community Edition, go to Security Labs Community Edition and create an account. Then, use the verification email you receive from Veracode to activate it.
You can use this interactive catalog to browse the current Community Edition courses. For the latest updates on these courses, see Training updates.
OWASP Vulnerabilities for Web Apps
OWASP 1: Broken Access Control - Access control failures typically lead to unauthorized information disclosure, modification, or destruction of all data, or to a user performing a business function outside their limits.
To Protect and To Serve Secure Cookies (New)
OWASP Vulnerabilities for APIs
OWASP API 1: Broken Object Level Authorization - APIs can expose endpoints that handle object identifiers. Object-level authorization checks should be considered in every function that accesses a data source using input from the user.
One ID to Access All Objects (New)
Container Security
Containers Security in Docker #1 - Users - This is the first lesson in the "Whale Security Tales" series. In this lesson, you will explore the relationship between users in the host and users in the containers, and how this relationship affects container security.
Whale security tales - #1 Cloning users (New)
Basic Terminal Usage
Shell commands to navigate around directories and modify files. Common encoding patterns, cryptographic techniques, and command line tools.
Intro to Bash 1
Shell commands to navigate around directories and modify files.
Intro to Bash 2
Navigate files and folders more efficiently, and search for file contents.
Intro to Bash 3
Preview the contents of files; create new folders and move files around.
Encrypting, encoding and hashing
Common encoding patterns, cryptographic techniques, and command line tools.
Nano for text editing
Use Nano, a basic text editor, for creating and editing files.
Intro to bash scripting
Automate tasks by writing and running basic scripts in bash.
Common React Pitfalls
Vulnerabilities frequently encountered in ReactJS application development.
React string sanitization
Cause XSS through improper sanitization and poor variable handoff with React.
Sneaky links
Learn about a feature of HTML that can leave your React app open to XSS.
Dangerously set HTML links
How React's dangerouslySetInnerHTML and markdown rendering can be combined to craft a malicious href.
Juice Shop
A very vulnerable MEAN web app full of practice challenges.
Hidden Pages (Challenge)
Find carefully hidden pages.
Confidential Documents (Challenge)
Access unprotected confidential documents.
XSS Levels (Challenge)
Reflected and persistent XSS attacks of increasing difficulty.
Error Handling (Challenge)
Provoke an error that is not very gracefully handled.
Login Bypass (Challenge)
Log in with other users' accounts via SQL injection.
Credentials Dump (Challenge)
Retrieve a list of all user credentials via SQL injection.
Account Hijack (Challenge)
Access and modify another user's shopping cart.
Open Redirects (Challenge)
Redirect from the Juice Shop to external untrusted sites.
File Uploads (Challenge)
Improper input validation in user file uploads.