Skip to main content

Training updates

· 11 min read

The updates on this page apply to Veracode Security Labs and Veracode eLearning. Updates that apply to specific Veracode regions show a region icon.

Security Labs is only available in the Commercial region.

eLearning is available in all Veracode regions.

April 2, 2025

New Security Labs lessons

Container Security in Docker - Networking

  • NET namespaces
  • Attack surface
  • Network sockets
  • SSH
  • Inter-container communication
  • iptables

March 5, 2025

New Veracode branding

  • Veracode has updated the look-and-feel of Security Labs with new branding.

New Security Labs lessons

Container Security in Docker - Capabilities

  • Linux capabilities
  • Capabilities in containers
  • Security profiles
  • Game overlay
  • Kernel attack

February 5, 2025

New Security Labs lessons for Enterprise Edition

Container Security in Docker - Users

  • Cloning users
  • Cloning groups
  • User namespaces
  • Privilege escalation

Container Security in Docker - Virtualization

  • UTS namespaces
  • Mount namespaces
  • Attack on Beluga
  • PID namespaces
  • Unmasking Docker
  • Runtime attack

New Security Labs lessons for Community Edition

Container Security

  • Cloning users

OWASP Vulnerabilities for APIs

  • One ID to Access All Objects (Java, .NET)

OWASP Vulnerabilities for Web Apps

  • To Protect and To Serve Secure Cookies (Python, .NET, Rails, Go, Node, PHP)

January 8, 2025

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 2: Insufficient Entropy (.NET, Python)

OWASP API Top 10 2023 labs

  • OWASP API 6: The Great Referral Quest (.NET)
  • OWASP API 10: Gift Cards at Risk (.NET)

December 11, 2024

New Security Labs features include CWE tagging for lessons and code syntax highlighting.

CWE tagging improves lesson assignment

  • Admins can search lessons based on CWE or title.
  • Learners can see lessons linked to specific CWEs.

Syntax highlighting improves clarity of code samples

  • Learners see code syntax highlighting that is tailored to programming languages.

December 4, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 2: Insufficient Entropy (Node)

OWASP API Top 10 2023 labs

  • OWASP API 6: The Great Referral Quest (Node)
  • OWASP API 7: Retrieval Without Validation (Node)
  • OWASP API 7: Retrieval Without Validation (.NET)
  • OWASP API 10: Gift Cards at Risk (Node)

November 6, 2024

New Security Labs lessons

OWASP Top 10 2021 labs and OWASP API Top 10 2023 labs

Four NEW lessons have been released. This includes upgrading the OWASP API Security Top 10 from 2019 to 2023, and adding lessons for three new categories.

  • OWASP 2: Insufficient Entropy (for Java)
  • OWASP API 6: The Great Referral Quest (Java)
  • OWASP API 7: Retrieval Without Validation (Java)
  • OWASP API 10: Gift Cards at Risk (Java)

Lessons will be reorganized to fit into their new position in the OWASP API Security Top 10 (2023) list. An additional More OWASP Vulnerabilities for APIs category was added to include lessons that fall into categories that are no longer in the API Top 10.

September 5, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Redirect Rodeo (Java)
  • OWASP 1: Forging User Requests (Java, Go, Rails)

May 1, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Forging User Requests (Python, Flask)

April 29, 2024

eLearning course updates

The following 32 courses now have updated cover pages and optional closed captions:

  • Secure Coding Foundations (7 courses)
  • AppSec Tutorials (11 courses)
  • General Security (9 courses)
  • Mobile Security (4 courses)
  • OWASP Top Ten (2021) (1 course)

April 3, 2024

New Security Labs lessons

OWASP API Security Top 10 labs

  • OWASP API 6: Bad Design Compromises Security (JavaScript)
  • OWASP API 7: Jot Down this Key (JavaScript)
  • OWASP API 7: Secret Admin (JavaScript)
  • OWASP API 7: eXternal Entity Injection (JavaScript)
  • OWASP API 7: XML is Always a Challenge (JavaScript)
  • OWASP API 8: Own the Database (JavaScript)
  • OWASP API 8: Parameterize All the Things (JavaScript)
  • OWASP API 8: Bobby Tables (JavaScript)
  • OWASP API 9: Unprotected Deployments (JavaScript)
  • OWASP API 10: The Importance of Logging and Monitoring (JavaScript)
  • OWASP API 10: Logging in the API Infrastructure (JavaScript)

March 6, 2024

New Security Labs lessons

OWASP API Security Top 10 labs

  • OWASP API 1: One ID to Access All Objects (JavaScript)
  • OWASP API 1: Stronger IDs (JavaScript)
  • OWASP API 2: Really, Really Bad Passwords (JavaScript)
  • OWASP API 2: Terrible Password (JavaScript)
  • OWASP API 3: Bugs in Debug (JavaScript)
  • OWASP API 3: Revealing Schemas (JavaScript)
  • OWASP API 4: Slow Down (JavaScript)
  • OWASP API 4: Brute Force (JavaScript)
  • OWASP API 4: Denial of Service (JavaScript)
  • OWASP API 5: Neglected Endpoints (JavaScript)

February 7, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Forging User Requests (.NET)

OWASP API Security Top 10 labs

  • OWASP API 10: The Importance of Logging and Monitoring (Java)
  • OWASP API 10: Logging in the API Infrastructure (Java)

January 16, 2024

New Security Labs lesson

OWASP API Security Top 10 labs

  • OWASP API 9: Unprotected Deployments (Java)

December 6, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Redirect Rodeo (.NET, JavaScript)
  • OWASP 8: Prototype Protection Agency (JavaScript)

OWASP API Security Top 10 labs

  • OWASP API 8: Own the Database (Java)
  • OWASP API 8: Parameterize All the Things (Java)
  • OWASP API 8: Bobby Tables (Java)

November 1, 2023

New Security Labs lessons

OWASP API Security Top 10 labs

  • API 7: Jot Down This Key (Java)
  • API 7: Secret Admin (Java)
  • API 7: eXternal Entity (Java)
  • API 7: XML is Always a Challenge (Java)

May 3, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New OWASP 10: Get There From Here (Python, Go)

April 5, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New OWASP 10: Get There From Here (.NET, Flask)

OWASP API Security Top 10 labs

  • API 5: Neglected Endpoints (Java)
  • API 6: Bad Design Compromises Security (Java)
  • API 6: Bad Design Compromises Security (.NET) (revamped!)

March 1, 2023

New Security Labs lessons

Getting Started Labs

New Getting Started - Lesson Zero (Flask, Go, Python)

OWASP Top 10 2021 labs

  • OWASP 1: Broken Access Control - Secrets in the Log (Java)
  • OWASP 4: Making Secure Decisions (Flask, Go, Python)

OWASP API Security Top 10 labs

  • API 4: Slow Down (Java)
  • API 4: Brute Force (Java)
  • API 4: Denial of Service (Java)

February 1, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Broken Access Control - Loose Lips Sink Servers (.NET)
  • Beyond OWASP Top 10: Other Web App Risks - Know Your Limits (Java)

OWASP API Security Top 10 labs

  • API 3: Bugs in Debug (Java)
  • API 3: Revealing Schemas (Java)

January 4, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New Beyond OWASP Top 10: Other Web App Risks - Do You Remember? (.NET)

OWASP API Security Top 10 labs

  • API 2: Really, Really Bad Passwords (Java)
  • API 2: Terrible Password (Java)

December 6, 2022

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 4: Insecure Design - Insecure Decisions (.NET, Java)
  • OWASP 4: Making Secure Decisions (Java)

OWASP API Security Top 10 labs

  • API 1: One ID to Access All Objects (Java)
  • API 1: Stronger IDs (Java)

Getting Started Labs

New Getting Started - Lesson Zero (Java, Node)

November 1, 2022

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Broken Access Control - Loose Lips Sink Servers (Node)
  • OWASP 4: Insecure Design - Valid Deficit (.NET)

OWASP API Security Top 10 labs

New API 4: Lack of Resources & Rate Limiting - Denial of Service

October 4, 2022

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 4: Insecure Design - Valid Deficit (Node)
  • OWASP 9: Security Logging and Monitoring Failures - Hold the Line (.NET, Java)

September 26, 2022

Topic Progress Bar Now Focused on Required Labs

In Security Labs, the progress bar for a topic now shows the completion status for required labs only. If all required labs in a topic are complete, the progress bar shows 100% completion, even when there are incomplete optional labs.

September 6, 2022

One New Security Labs Lesson

OWASP Top 10 2021 labs

New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Node)

August 24, 2022

New Click-Through Tour

August 3, 2022

Three New API Security Labs Lessons

OWASP API Security Top 10 labs

  • New API 9 Improper Assets Management - Unprotected deployments (.NET)
  • New API 10 Insufficient Logging & Monitoring - The Importance of Logging and Monitoring (.NET)
  • New API 10 Insufficient Logging & Monitoring - Logging in the API Infrastructure (.NET)

July 6, 2022

Seven New API Security Labs Lessons and One Updated OWASP Course

OWASP API Security Top 10 labs

  • New API 7 Security Misconfiguration - Jot down this key (.NET)
  • New API 7 Security Misconfiguration - Secret Admins (.NET)
  • New API 7 Security Misconfiguration - eXternal Entity (injection) (.NET)
  • New API 7 Security Misconfiguration - XML is always a Challenge (.NET)
  • New API 8 Injection - Own the database (.NET)
  • New API 8 Injection - Parameterize all the things (.NET)
  • New API 8 Injection - Bobby Tables (.NET)

OWASP Top 10:2021:10 Server-Side Request Forgery

New Get There From Here (Node)

June 30, 2022

Updated One eLearning Learner Level Course and Added Two New AppSec Tutorials

  • Updated the OWASP 2017 course to OWASP 2021 on Learner Level 1
  • Added two new AppSec Tutorials on Learner Level 2

June 1, 2022

The Security Training Team Released Two New API Security Courses and Updated Eight OWASP Courses

OWASP API Security Top 10 labs

  • API5:2019 Neglected endpoints (.NET)
  • API6:2019 Bad Design Compromises Security (.NET)

OWASP Top 10 2021 labs

See the Course Catalog for more details.

  • A01:2021 Broken Access Control
  • A02:2021 Cryptographic Failures
  • A03:2021 Injection
  • A05:2021 Security Misconfiguration
  • A06:2021 Vulnerable and Outdated Components
  • A07:2021 Identification and Authentication Failures
  • A08:2021 Software and Data Integrity Failures
  • A09:2021 Security Logging and Monitoring Failures

May 19, 2022

The Security Training Team Released Three New eLearning Courses and Updated One Course

  • Updated A04: eLearning Secure Architecture and Design
  • OWASP Top 10 2021
  • A10: Server-Side Request Forgery AppSec Tutorial
  • A08: Software and Data Integrity Failures AppSec Tutorial

May 4, 2022

The Security Training Team Released Seven Labs

OWASP API Security Top 10 Labs:

  • API3:2019 Excessive Data Exposure - Bugs in Debug (.NET)
  • API3:2019 Excessive Data Exposure - Revealing Schemas (.NET)
  • API4:2019 Lack of Resources and Rate Limiting - Slow Down (.NET)
  • API4:2019 Lack of Resources and Rate Limiting - Brute Force (.NET)

OWASP Top 10 2021 Labs:

  • A04:2021 Insecure Design - Making Secure Decisions (.NET)
  • A08:2021 Software and Data Integrity Failures - Sleeping With the Enemy (.NET, Node)
  • A10:2021 Server-Side Request Forgery - Get There From Here (Java)

April 6, 2022

Two New Labs

  • OWASP API #1 - Broken Object Level Authorization
  • OWASP API #2 - Broken User Authentication