Skip to main content

Security Labs course catalog

You can use this interactive catalog to browse the current Security Labs courses. For the latest updates on these courses, see Training updates.

Learners can only access lessons that are assigned to them and the assigned lessons must be associated with an active campaign. To grant learners access to all major core lessons, an administrator can assign the All core labs focus without entering an end date.

Lessons are tagged with related Common Weakness Enumerations (CWEs) based on the MITRE framework. The CWEs listed indicate the related Pillar, Class, Base, and Variant CWEs for each lesson. If a CWE also has an assigned Likelihood of Exploit metric value, this value appears next to the CWE for the associated lesson with information about the vulnerability severity and prevalence.


Security Labs – Getting Started

Welcome to Security Labs! This topic helps you become familiar with the lab environment, so you can successfully find and remediate vulnerabilities while taking lessons.

Lesson Zero

.NET
10 pts
Java
10 pts
Node.js
10 pts
Go
10 pts
Python Django
10 pts
Python Flask
10 pts

OWASP 1: Broken Access Control

Access control failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.

To Protect and To Serve Secure Cookies

Tamper with an insecure cookie for privilege escalation.

CWE-1275CWE-1345CWE-284CWE-Medium
Python Django
20 pts
.NET
20 pts
Python Flask
20 pts
Rails
10 pts
Go
20 pts
Node.js
10 pts
PHP
10 pts
Scala
10 pts

Fix the Sessions

Tamper with user sessions to authenticate as a different user.

CWE-1275CWE-1345CWE-284
Java
10 pts

Bad Cookie (Challenge)

Decrypt cookies and hijack another user account.

CWE-1345CWE-1354CWE-565CWE-565 CWE-642CWE-784CWE-High
Node.js
10 pts
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Rails
10 pts
Scala
10 pts

Loose Lips Sink Servers

Leaking sensitive information can lead to account and server compromises.

CWE-1345CWE-199CWE-200CWE-201CWE-202CWE-598
Node.js
10 pts
.NET
10 pts

Secrets in the Log

While testing a new application, developers might write sensitive information to a log file, or log analyzer, which should not be included in a production system. It is critical that developers ensure no sensitive information is included in data that a malicious actor might be able to access, in either development or production systems.

CWE-201
Java
10 pts

Redirect Rodeo

Protect users by implementing secure redirect practices.

CWE-1345CWE-19CWE-601CWE-610
.NET
10 pts
Node.js
10 pts
Java
10 pts

Forging User Requests

Cause a user to take unexpected, pre-authenticated actions.

CWE-1019CWE-1345CWE-345CWE-352
.NET
10 pts
Python Django
10 pts
Python Flask
10 pts
Java
10 pts
Rails
10 pts
Go
10 pts

OWASP 2: Cryptographic Failures

Failures related to cryptography (or lack thereof) often lead to exposure of sensitive data.

Bugs in Debug

Verbose error messages lead to exposed sensitive data.

CWE-1295CWE-1346CWE-259CWE-262CWE-328CWE-High
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Helpful Stack Trace (Challenge)

Provoke an error that reveals sensitive info, leading to privilege escalation.

CWE-1295CWE-1346CWE-259CWE-262CWE-328CWE-High
.NET
10 pts
Python Flask
10 pts
Python Django
10 pts
Rails
10 pts

Secret Logging (Challenge)

Force an application to throw an error and leak sensitive data in a stack trace.

CWE-1295CWE-1346CWE-259CWE-262CWE-328CWE-High
Python Flask
10 pts

Insufficient Entropy New

CWE-331
Java
10 pts
New

OWASP 3: Injection

Exploiting and preventing SQL injection attacks that access sensitive data. Reflected and persistent cross-site scripting attacks. Content Security Policy.

Own the Database

Practice injection on a web app that uses a SQL database to retrieve data.

CWE-1347CWE-89CWE-943CWE-High
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
PHP
10 pts
Rails
10 pts
Scala
10 pts

Parameterize all the things

Defend against injection using an app that returns data from a SQL-based database.

.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Timing is everything (Challenge)

Indirectly reveal sensitive data using SQL 'sleep' commands.

Python Django
10 pts
Python Flask
10 pts

Bobby Tables (Challenge)

Use SQLi to return sensitive data, then properly parameterize queries to avoid injection attacks.

.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Can you see your reflection?

Practice exploiting simple cross-site scripting vulnerabilities to deliver JavaScript payloads.

CWE-1347CWE-74CWE-79CWE-80CWE-87CWE-High
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts
PHP
10 pts

Down with Uploads

Insufficient validation of user uploads can lead to stored XSS or directory traversal attacks.

CWE-1347CWE-1348CWE-434CWE-74CWE-79CWE-80CWE-Medium
.NET
20 pts
Java
20 pts
Python Flask
20 pts
Node.js
20 pts
Python Django
20 pts
Scala
10 pts
PHP
10 pts

Alert (Challenge)

Exploit a non-persistent XSS vulnerability in a poorly protected app.

CWE-1347CWE-74CWE-79CWE-80CWE-87CWE-High
Python Flask
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Scala
10 pts

Persistence (Challenge)

Exploit directory traversal and persistent XSS vulnerabilities in a poorly protected app.

CWE-1345CWE-1347CWE-22CWE-23CWE-24CWE-73CWE-74CWE-High
Python Flask
20 pts
Java
10 pts
Node.js
20 pts
Python Django
20 pts
Rails
10 pts

Reflected XSS and input formatting

Cross-site scripting vulnerabilities with HTML input validation

CWE-1347CWE-74CWE-79CWE-80CWE-87CWE-High
Rails
10 pts

Stored XSS versus CSP

Defense in depth using CSP against XSS attacks.

CWE-1347CWE-1348CWE-434CWE-74CWE-79CWE-80CWE-Medium
.NET
20 pts
Node.js
20 pts
Scala
20 pts

Check your sources

Content Security Policy to prevent XSS and other code injection.

Java
20 pts
Python Django
20 pts

Angular HTML and URL sanitization

Cause XSS through improper sanitization and poor variable handoff with Angular.

Rails
10 pts

Angular ERB sanitization

Cause XSS through improper sanitization and poor variable handoff with Angular.

Rails
10 pts

OWASP 4: Insecure Design

Failing to initially think about and address security vulnerabilities at the design phase can lead to vulnerabilities and defects.

Making Secure Decisions

Insecure design decisions can lead to vulnerabilities at every level of an application.

CWE-1348CWE-657CWE-710
Node.js
10 pts
Java
10 pts
.NET
10 pts
Python Flask
10 pts
Python Django
10 pts
Go
10 pts

Valid Deficit

CWE-1173 occurs when an application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

CWE-1173CWE-1174CWE-1215CWE-1348CWE-20
Node.js
10 pts
.NET
10 pts
Java
10 pts

OWASP 5: Security Misconfiguration

Generating and storing secret keys securely.

Jot down this key

Modify JWTs by exploiting knowledge of an insecure secret key.

CWE-1349CWE-287CWE-312CWE-321CWE-798CWE-High
.NET
10 pts
Java
10 pts
Node.js
20 pts

Bulky Updates

Access hidden attributes to take unauthorized actions.

CWE-1349CWE-1354CWE-913CWE-915
Rails
10 pts

Can you keep a secret?

Generate a working session token for another user by exploiting knowledge of an insecure secret key.

CWE-1349CWE-287CWE-312CWE-321CWE-798
Python Flask
10 pts
Go
20 pts
Node.js
10 pts
PHP
10 pts
Python Django
20 pts
Scala
10 pts

Secret Admin (Challenge)

Escalate JWT user privileges by exploiting knowledge of an insecure secret key.

CWE-1349CWE-287CWE-312CWE-321CWE-798
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Rails
10 pts
Scala
10 pts

eXternal Entity (injection)

Unsafe entity parsing reveals the contents of server files.

CWE-1347CWE-1349CWE-610CWE-611
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

XML is always a... (Challenge)

Get access to sensitive data by injecting custom XML.

CWE-1347CWE-1349CWE-610CWE-611
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

External Resolution (Challenge)

Retrieve a system file by injecting custom XML, then defend against XXE.

CWE-1347CWE-1349CWE-610CWE-611
Python Flask
10 pts

OWASP 6: Vulnerable and Outdated Components

Keep tabs on outdated dependencies with known security weaknesses.

Suspicious Packages

Find and exploit vulnerabilities in outdated packages.

CWE-1104CWE-1320CWE-1352CWE-1357
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Rails
10 pts
PHP
10 pts
Scala
10 pts

Outdated Dependencies (Challenge)

Find and upgrade an outdated, vulnerable dependency.

CWE-1104CWE-1320CWE-1352CWE-1357
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Rails
10 pts
Scala
10 pts

OWASP 7: Identification and Authentication Failures

Enforcing user password requirements and properly encrypting passwords.

Really, really bad passwords

Enforce server-side password requirements and hash passwords securely.

CWE-1353CWE-287CWE-521CWE-High
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts

Hash it, store it, salt - upgrade it

Encrypting user passwords securely.

CWE-1346CWE-1353CWE-327CWE-759CWE-760CWE-916CWE-High
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
PHP
10 pts
Python Django
10 pts
Rails
10 pts
Scala
10 pts
.NET
10 pts

Authentication Bypass

"Force browse" to an unprotected page to discover confidential information.

CWE-1345CWE-1353CWE-285CWE-425CWE-862CWE-High
Go
10 pts
Node.js
10 pts

Terrible Password (Challenge)

SQLi and poor password hashing lead to exposed user accounts.

CWE-1346CWE-1353CWE-327CWE-759CWE-760CWE-916CWE-High
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Node.js
10 pts
Rails
10 pts
Scala
10 pts

OWASP 8: Software and Data Integrity Failures

It is a new category for 2021, focusing on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. One of the highest weighted impacts from Common Vulnerability and Exposures/Common Vulnerability Scoring System (CVE/CVSS) data mapped to the 10 CWEs in this category. A8:2017-Insecure Deserialization is now a part of this larger category.

Sleeping With the Enemy

Investigate the integrity of a useful third-party library.

CWE-1214CWE-1354CWE-829CWE-830
.NET
10 pts
Node.js
10 pts

In a Pickle

Data serialization leads to dangerous user-provided payloads.

CWE-1354CWE-399CWE-502CWE-913CWE-Medium
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Python Django
10 pts
PHP
10 pts
Scala
10 pts

Deserialization (Challenge)

Use pickling to reveal the code of the underlying application.

CWE-1354CWE-399CWE-502CWE-913CWE-Medium
Python Flask
10 pts
Java
10 pts

Mongo: like SQL, but messier

View non-public posts by supplying a document query as user input.

Node.js
10 pts

Tell Mongo "no-go" for untrusted code

Defend against NoSQL IDOR on a NodeJS app that uses MongoDB to store and retrieve data.

CWE-566CWE-639
Node.js
10 pts

User-Provided Users

Exposed, unhashed user IDs are modifiable by users.

CWE-566CWE-639
Rails
10 pts

Prototype Protection Agency

Lax or missing input validation can lead to data corruption.

CWE-1321CWE-1354CWE-502CWE-915
Node.js
10 pts

OWASP 9: Security Logging and Monitoring Failures

Rate-limit sensitive actions and block attacks as they happen.

Slow Down

Brute force a user's password on a non-rate-limited login page.

CWE-1348CWE-1355CWE-307CWE-770CWE-799
.NET
10 pts
Python Flask
10 pts
Go
10 pts
Java
10 pts
Node.js
10 pts
Python Django
10 pts
Rails
10 pts
PHP
10 pts
Scala
10 pts

Brute Force (Challenge)

Brute force a user's password on a non-rate-limited login page.

CWE-1348CWE-1355CWE-307CWE-770CWE-799
.NET
10 pts
Python Flask
10 pts
Java
10 pts
Rails
10 pts

Hold the Line

Learn how attackers use CRLF injection to flood log files with false events and how to remediate a CRLF vulnerability.

CWE-116CWE-117CWE-1355CWE-93
Node.js
10 pts
.NET
10 pts
Java
10 pts

OWASP 10: Server-Side Request Forgery

SSRF flaws can occur when a web application fetches a remote resource without validating the user-supplied URL.

Get there from here

CWE-1356CWE-441CWE-610CWE-918
Java
10 pts
Node.js
10 pts
.NET
10 pts
Python Flask
10 pts
Python Django
10 pts
Go
10 pts

Beyond OWASP Top 10: Other Web App Risks

This module contains the CWEs, vulnerabilities, and flaws that don't quite fit into the OWASP Top 10 categories.

Do You Remember?

Memory management might seem like a problem from the distant past, but it can still cause issues if not implemented properly.

CWE-399CWE-404CWE-772
.NET
10 pts

Know Your Limits

Resource limits can be exceeded when either hard limitations, or software settings have been reached. CWE-404 describes Improper Resource Shutdown or Release weaknesses that should be avoided.

CWE-399CWE-404CWE-770CWE-772
Java
10 pts

OWASP API 1: Broken Object Level Authorization

One ID to Access All Objects New

CWE-285CWE-639
Java
10 pts
New
.NET
10 pts
New
Node.js
10 pts
New

Stronger IDs New

CWE-285CWE-639
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

OWASP API 2: Broken Authentication

Really, really bad passwords New

CWE-204CWE-307
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Terrible Password (Challenge) New

CWE-204CWE-307
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Slow Down New

CWE-307
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Brute Force (Challenge) New

CWE-307
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

OWASP API 3: Broken Object Property Level Authorization

Bugs in Debug New

CWE-213CWE-915
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Revealing Schemas New

CWE-213CWE-915
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Bad Design Compromises Security New

CWE-213CWE-915
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

OWASP API 4: Unrestricted Resource Consumption

Denial of Service New

CWE-400CWE-770CWE-799
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

OWASP API 5: Broken Function Level Authorization

Neglected endpoints New

CWE-285
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

OWASP API 6: Unrestricted Access to Sensitive Business Flows

The Great Referral Quest New

CWE-799CWE-837CWE-841
Java
10 pts
New

OWASP API 7: Server-Side Request Forgery [SSRF]

Retrieval Without Validation New

CWE-441CWE-610CWE-918
Java
10 pts
New

OWASP API 8: Security Misconfiguration

Jot down this key New

CWE-16CWE-319
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Secret Admin (Challenge) New

CWE-16CWE-319
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

eXternal Entity (injection) New

CWE-16CWE-319
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

XML is always a (Challenge) New

CWE-16CWE-319
.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

OWASP API 9: Improper Inventory Management

Unprotected Deployments New

.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

OWASP API 10: Unsafe Consumption of APIs

Gift Cards at Risk New

Java
10 pts
New

More OWASP Vulnerabilities for APIs

Own the database New

.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Parameterize all the things New

.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Bobby Tables (Challenge) New

.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

The Importance of Logging and Monitoring New

.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Logging in the API Infrastructure New

.NET
10 pts
New
Java
10 pts
New
Node.js
10 pts
New

Secure C++ Programming: Best Practices

Prevent the compilation of programs using unsafe functions with banned function headers.

Forbidden Functions

A banned function header prevents the compilation of programs using unsafe functions.

C++
10 pts

Time and Time Again

A side-channel timing attack reveals sensitive information.

C++
10 pts

Secure C++ Programming: Bitwise Shifts

Low-level operations with undefined results.

Shifty RSA

An RSA implementation allows for invalid bit shifts.

C++
10 pts

Secure C++ Programming: Compilers

Sensitive data leaked through insecure compiler optimizations.

Optimal Memory

A program that checks user input against a password file leaves sensitive data in memory.

C++
30 pts

Secure C++ Programming: Files

Overwriting system files through race conditions.

Race condition

An encryption program allows system files to be overwritten through a race condition.

CWE-367
C++
10 pts

Secure C++ Programming: Heap Overflows

Unsafe character arrays, null terminators, and use of GDB to examine heap memory.

Take Note!

A note-taking program copies strings to the heap unsafely.

CWE-122
C++
30 pts

Secure C++ Programming: Integer Overflows

Overflowing short integers and wraparound of unsigned integers.

Short Scores

A program to add golf scores is susceptible to overflowing.

CWE-190
C++
10 pts

Unsigned Messages

A message parsing utility uses unsafe range checks.

CWE-190
C++
20 pts

Coercive Login

Use integer coercion to log in as an admin user.

CWE-190
C++
10 pts

Secure C++ Programming: Iterators and Sequence Containers

Leaked data through unsafe iteration and unsafe access of container indices.

Go The Distance (but not too far)

A program to parse input from a file iterates unsafely, resulting in leaked data.

C++
10 pts

Pinball Wizard

A program to display high scores trusts user input, leading to multiple vulnerabilities.

C++
20 pts

Secure C++ Programming: Memory Management

Accessing freed memory when unsafe parsing keeps deallocated pointers accessible.

Use After Free

An HTML rendering engine parses input unsafely, keeping a deallocated pointer accessible.

CWE-416
C++
10 pts

Secure C++ Programming: Overreads

Buffer overruns common to parsing utilities, and the dangers of relying on side effects.

Passed Date

A date parsing and formatting utility allows for buffer over-reads.

C++
10 pts

Trivial Side Effects

A trivia program reveals sensitive data by poorly tracking player scores.

C++
10 pts

Secure C++ Programming: Stack Overflows

Unsafe string copying and incomplete string comparisons.

Triple Word Score

A Scrabble score calculator copies user input unsafely.

CWE-121CWE-170
C++
10 pts

Secure C++ Programming: Threads

Poor use of mutex locks leads to exceptions.

Lock down the threads

Poor use of mutex locks leads to exceptions.

C++
10 pts

General Application Security: Common React Pitfalls

Vulnerabilities frequently encountered in ReactJS application development.

React string sanitization

Cause XSS through improper sanitization and poor variable handoff with React.

Node.js
10 pts

Sneaky links

Learn about a feature of HTML that can leave your React app open to XSS.

Node.js
10 pts

Dangerously set HTML links

React's dangerouslySetInnerHtml and markdown rendering craft a malicious href.

Node.js
10 pts

General Application Security: Cross-Site Scripting (XSS)

Content Security Policy

CSP to prevent XSS and other code injection.

Python Django
20 pts
Node.js
20 pts

Persistent Cross-Site Scripting

Stored XSS and directory traversal via "image" uploads.

Python Django
20 pts
Node.js
20 pts

Reflected Cross-Site Scripting

Inject inline JavaScript into a Go template through JSON input.

Go
10 pts
Python Django
10 pts
Node.js
10 pts

General Application Security: User Data Privacy

An app to track users' jogging habits can benefit from improved data handling practices.

PII Storage

De-identify and limit or do not collect sensitive user data

Node.js
10 pts

Access and Erasure

Let users see their stored data, delete their data, and have the 'right to be forgotten'

Node.js
20 pts

Rectification

Let users supply corrections to their data

Node.js
10 pts

Data Portability

Let users export their data in a machine-readable format

Node.js
10 pts

Informed Consent

Let users actively choose to give consent for clear, specific data collection, as well as opting out

Node.js
10 pts

General Application Security: CWE-319 Cleartext Transmission of Sensitive Data

Sensitive traffic is sent over unencrypted HTTP.

See-through traffic

Sniff a user's credentials via insecure HTTP requests.

Node.js
10 pts
Go
10 pts

General Application Security: CWE-352 Cross-Site Request Forgery

Forge valid requests from authenticated users.

Forging user requests

Cause a user to take unexpected, pre-authenticated actions.

CWE-352
Python Django
10 pts
Rails
10 pts
Go
10 pts

General Application Security: CWE-601 Open Redirects

Unchecked URL redirection to untrusted sites.

The Art of Redirection

URL redirects cause users to automatically visit untrusted sites.

CWE-1345CWE-19CWE-601CWE-610
Node.js
10 pts

No Going Back (Challenge)

Work around a URL redirect safety check, then provide an allowlist.

CWE-1345CWE-19CWE-601CWE-610
Node.js
10 pts

General Application Security: CWE-1021 Improper Restriction of Frames

A lack of response header allows the application to load in an external frame.

You've been framed

A clickjacking attack tricks users into taking intended actions.

Rails
10 pts

Mobile Security

Writing more secure mobile applications.

Custom URL Handling

Explore custom URL schemes, used to allow other applications to request that your app take some action.

Kotlin
10 pts
Swift
10 pts

Secrets Storage

Explore how shared secrets can be vulnerable to attack.

Kotlin
10 pts
Swift
10 pts

Forced Browsing & API Security

Explore how a forced browsing attack can occur when a malicious actor locates unlinked contents.

Kotlin
10 pts
Swift
10 pts

Mobile Logging

Explore the role of application logging.

Kotlin
10 pts
Swift
10 pts

PCI: Broken Authentication & Session Management

Secret key management

Modify JWTs by exploiting knowledge of an insecure secret key.

Python Django
20 pts

Secure session cookies

Tamper with an insecure cookie to hijack another user's account.

Python Django
20 pts
Node.js
10 pts

Cookie hijack (Challenge)

Decrypt cookies and hijack another user account.

Node.js
10 pts

PCI: Improper Access Control

Pickling and deserialization

Access restricted content via insecure serialized input.

Python Django
10 pts

NoSQL with Mongo

View non-public posts by supplying a document query as user input.

Node.js
10 pts

Open redirects

URL redirects cause users to automatically visit untrusted sites.

Node.js
10 pts

PCI: Improper Error Handling

Debug mode in production

Verbose error messages lead to exposed sensitive data.

Python Django
10 pts
Node.js
10 pts

Stack Trace (Challenge)

Use revealing errors to gain admin permissions.

Python Django
10 pts

PCI: Injection Flaws

SQL injection

Use SQL injection to give yourself superuser privileges.

Python Django
10 pts
Go
10 pts
Node.js
10 pts

Parameterize queries

Defend against injection attacks by using safe database lookups.

Python Django
10 pts
Go
10 pts
Node.js
10 pts

Bobby Tables SQLi (Challenge)

Use SQLi to return sensitive data, then properly parameterize queries to avoid injection attacks.

Python Django
10 pts
Go
10 pts
Node.js
10 pts

PCI: Insecure Cryptographic Storage

Storing password hashes

Encrypting data to store sensitive information securely.

Python Django
10 pts
Node.js
10 pts

Terrible Password (Challenge)

SQLi and poor hashing lead to exposed passwords.

Node.js
10 pts

PCI: Other High-Risk Vulnerabilities

Outdated third-party dependencies

Keep tabs on outdated packages with known security weaknesses.

Python Django
10 pts
Node.js
10 pts

Bash Terminal Usage: Beginner

Navigate around system file and folders using the bash shell.

Introduction to Bash 1

Shell commands to navigate around directories and modify files.

Bash Shell
10 pts

Introduction to Bash 2

Navigate files and folders more efficiently, and search for file contents.

Bash Shell
10 pts

Introduction to Bash 3

Preview the contents of files; create new folders and move files around.

Bash Shell
10 pts

Bash Terminal Usage: Intermediate

Additional bash skills: text editing, scripting, and additional command line tools.

Encrypting, encoding and hashing

Common encoding patterns, cryptographic techniques, and command line tools.

Bash Shell
10 pts

Introduction to bash scripting

Automate tasks by writing and running basic scripts in bash.

Bash Shell
10 pts

Nano for text editing

Use Nano, a basic text editor, for creating and editing files.

Bash Shell
10 pts

DjanGoat

A vulnerable Django application for OWASP Top 10 practice challenges.

Sensitive Data Exposure (Challenge)

Python Django
10 pts

Cleartext Storage (Challenge)

Python Django
10 pts

Missing Function Level Access Control (Challenge)

Python Django
10 pts

DOM XSS (Challenge)

Python Django
10 pts

Insecure Direct Object Reference (Challenge)

Python Django
10 pts

SQL Injection Interpolation (Challenge)

Python Django
10 pts

SQL Injection Concatenation (Challenge)

Python Django
10 pts

Stored XSS (Challenge)

Python Django
10 pts

Command Injection (Challenge)

Python Django
10 pts

Credential Enumeration (Challenge)

Python Django
10 pts

Forensics

Work with disk images and investigate the contents of system files.

Creating a disk image

Learn how to acquire a disk image using the forensic tool dc3dd.

Forensics
10 pts

Metadata with ExifTool

View and modify the metadata associated with multimedia files.

Forensics
10 pts

Working with a disk image

Hard disk image analysis with the sleuthkit (TSK), a standard forensic tool.

Forensics
10 pts

Analyzing log files

Uncover evidence of an attack by analyzing a system's logs.

Forensics
20 pts

Juice Shop

Very vulnerable MEAN web app full of practice challenges.

Error Handling (Challenge)

Provoke an error that is not very gracefully handled.

Node.js
10 pts

Login Bypass (Challenge)

Log in with other users' accounts via SQL injection.

Node.js
20 pts

Credentials Dump (Challenge)

Retrieve a list of all user credentials via SQL injection.

Node.js
10 pts

XSS Levels (Challenge)

Reflected and persistent XSS attacks of increasing difficulty.

Node.js
30 pts

File Uploads (Challenge)

Improper input validation in user file uploads.

Node.js
10 pts

Hidden Pages (Challenge)

Find carefully hidden pages.

Node.js
10 pts

Confidential Documents (Challenge)

Access unprotected confidential documents.

Node.js
30 pts

Open Redirects (Challenge)

Redirect from the Juice Shop to external untrusted sites.

Node.js
20 pts

Account Hijack (Challenge)

Access and modify another user's shopping cart.

Node.js
20 pts