Skip to main content

Training updates

· 15 min read

The updates on this page apply to Veracode Security Labs and Veracode eLearning. Updates that apply to specific Veracode regions show a region icon.

Security Labs is only available in the Commercial region.

eLearning is available in all Veracode regions.

April 2, 2025

New Security Labs lessons

Container Security in Docker - Networking

  • NET namespaces
  • Attack surface
  • Network sockets
  • SSH
  • Inter-container communication
  • iptables

March 5, 2025

New Veracode branding

  • Veracode has updated the look-and-feel of Security Labs with new branding.

New Security Labs lessons

Container Security in Docker - Capabilities

  • Linux capabilities
  • Capabilities in containers
  • Security profiles
  • Game overlay
  • Kernel attack

February 5, 2025

New Security Labs lessons for Enterprise Edition

Container Security in Docker - Users

  • Cloning users
  • Cloning groups
  • User namespaces
  • Privilege escalation

Container Security in Docker - Virtualization

  • UTS namespaces
  • Mount namespaces
  • Attack on Beluga
  • PID namespaces
  • Unmasking Docker
  • Runtime attack

New Security Labs lessons for Community Edition

Container Security

  • Cloning users

OWASP Vulnerabilities for APIs

  • One ID to Access All Objects (Java, .NET)

OWASP Vulnerabilities for Web Apps

  • To Protect and To Serve Secure Cookies (Python, .NET, Rails, Go, Node, PHP)

January 8, 2025

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 2: Insufficient Entropy (.NET, Python)

OWASP API Top 10 2023 labs

  • OWASP API 6: The Great Referral Quest (.NET)
  • OWASP API 10: Gift Cards at Risk (.NET)

December 11, 2024

New Security Labs features include CWE tagging for lessons and code syntax highlighting.

CWE tagging improves lesson assignment

  • Admins can search lessons based on CWE or title.
  • Learners can see lessons linked to specific CWEs.

Syntax highlighting improves clarity of code samples

  • Learners see code syntax highlighting that is tailored to programming languages.

December 4, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 2: Insufficient Entropy (Node)

OWASP API Top 10 2023 labs

  • OWASP API 6: The Great Referral Quest (Node)
  • OWASP API 7: Retrieval Without Validation (Node)
  • OWASP API 7: Retrieval Without Validation (.NET)
  • OWASP API 10: Gift Cards at Risk (Node)

November 6, 2024

New Security Labs lessons

OWASP Top 10 2021 labs and OWASP API Top 10 2023 labs

Four NEW lessons have been released. This includes upgrading the OWASP API Security Top 10 from 2019 to 2023, and adding lessons for three new categories.

  • OWASP 2: Insufficient Entropy (for Java)
  • OWASP API 6: The Great Referral Quest (Java)
  • OWASP API 7: Retrieval Without Validation (Java)
  • OWASP API 10: Gift Cards at Risk (Java)

Lessons will be reorganized to fit into their new position in the OWASP API Security Top 10 (2023) list. An additional More OWASP Vulnerabilities for APIs category was added to include lessons that fall into categories that are no longer in the API Top 10.

September 5, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Redirect Rodeo (Java)
  • OWASP 1: Forging User Requests (Java, Go, Rails)

May 1, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Forging User Requests (Python, Flask)

April 29, 2024

eLearning course updates

The following 32 courses now have updated cover pages and optional closed captions:

  • Secure Coding Foundations (7 courses)
  • AppSec Tutorials (11 courses)
  • General Security (9 courses)
  • Mobile Security (4 courses)
  • OWASP Top Ten (2021) (1 course)

April 3, 2024

New Security Labs lessons

OWASP API Security Top 10 labs

  • OWASP API 6: Bad Design Compromises Security (JavaScript)
  • OWASP API 7: Jot Down this Key (JavaScript)
  • OWASP API 7: Secret Admin (JavaScript)
  • OWASP API 7: eXternal Entity Injection (JavaScript)
  • OWASP API 7: XML is Always a Challenge (JavaScript)
  • OWASP API 8: Own the Database (JavaScript)
  • OWASP API 8: Parameterize All the Things (JavaScript)
  • OWASP API 8: Bobby Tables (JavaScript)
  • OWASP API 9: Unprotected Deployments (JavaScript)
  • OWASP API 10: The Importance of Logging and Monitoring (JavaScript)
  • OWASP API 10: Logging in the API Infrastructure (JavaScript)

March 6, 2024

New Security Labs lessons

OWASP API Security Top 10 labs

  • OWASP API 1: One ID to Access All Objects (JavaScript)
  • OWASP API 1: Stronger IDs (JavaScript)
  • OWASP API 2: Really, Really Bad Passwords (JavaScript)
  • OWASP API 2: Terrible Password (JavaScript)
  • OWASP API 3: Bugs in Debug (JavaScript)
  • OWASP API 3: Revealing Schemas (JavaScript)
  • OWASP API 4: Slow Down (JavaScript)
  • OWASP API 4: Brute Force (JavaScript)
  • OWASP API 4: Denial of Service (JavaScript)
  • OWASP API 5: Neglected Endpoints (JavaScript)

February 7, 2024

New Security Labs lessons

OWASP Top 10 2021 labs

  • OWASP 1: Forging User Requests (.NET)

OWASP API Security Top 10 labs

  • OWASP API 10: The Importance of Logging and Monitoring (Java)
  • OWASP API 10: Logging in the API Infrastructure (Java)

January 16, 2024

New Security Labs lesson

OWASP API Security Top 10 labs

  • OWASP API 9: Unprotected Deployments (Java)

Previous updates

2023 updates

2023 updates

December 6, 2023

New Security Labs lessons

OWASP Top 10 2021 labs
  • OWASP 1: Redirect Rodeo (.NET, JavaScript)
  • OWASP 8: Prototype Protection Agency (JavaScript)
OWASP API Security Top 10 labs
  • OWASP API 8: Own the Database (Java)
  • OWASP API 8: Parameterize All the Things (Java)
  • OWASP API 8: Bobby Tables (Java)

November 1, 2023

New Security Labs lessons

OWASP API Security Top 10 labs
  • API 7: Jot Down This Key (Java)
  • API 7: Secret Admin (Java)
  • API 7: eXternal Entity (Java)
  • API 7: XML is Always a Challenge (Java)

May 3, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New OWASP 10: Get There From Here (Python, Go)

April 5, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New OWASP 10: Get There From Here (.NET, Flask)

OWASP API Security Top 10 labs
  • API 5: Neglected Endpoints (Java)
  • API 6: Bad Design Compromises Security (Java)
  • API 6: Bad Design Compromises Security (.NET) (revamped!)

March 1, 2023

New Security Labs lessons

Getting Started Labs

New Getting Started - Lesson Zero (Flask, Go, Python)

OWASP Top 10 2021 labs
  • OWASP 1: Broken Access Control - Secrets in the Log (Java)
  • OWASP 4: Making Secure Decisions (Flask, Go, Python)
OWASP API Security Top 10 labs
  • API 4: Slow Down (Java)
  • API 4: Brute Force (Java)
  • API 4: Denial of Service (Java)

February 1, 2023

New Security Labs lessons

OWASP Top 10 2021 labs
  • OWASP 1: Broken Access Control - Loose Lips Sink Servers (.NET)
  • Beyond OWASP Top 10: Other Web App Risks - Know Your Limits (Java)
OWASP API Security Top 10 labs
  • API 3: Bugs in Debug (Java)
  • API 3: Revealing Schemas (Java)

January 4, 2023

New Security Labs lessons

OWASP Top 10 2021 labs

New Beyond OWASP Top 10: Other Web App Risks - Do You Remember? (.NET)

OWASP API Security Top 10 labs
  • API 2: Really, Really Bad Passwords (Java)
  • API 2: Terrible Password (Java)

2022 updates

2022 updates

December 6, 2022

New Security Labs lessons

OWASP Top 10 2021 labs
  • OWASP 4: Insecure Design - Insecure Decisions (.NET, Java)
  • OWASP 4: Making Secure Decisions (Java)
OWASP API Security Top 10 labs
  • API 1: One ID to Access All Objects (Java)
  • API 1: Stronger IDs (Java)
Getting Started Labs

New Getting Started - Lesson Zero (Java, Node)

November 1, 2022

New Security Labs lessons

OWASP Top 10 2021 labs
  • OWASP 1: Broken Access Control - Loose Lips Sink Servers (Node)
  • OWASP 4: Insecure Design - Valid Deficit (.NET)
OWASP API Security Top 10 labs

New API 4: Lack of Resources & Rate Limiting - Denial of Service

October 4, 2022

New Security Labs lessons

OWASP Top 10 2021 labs
  • OWASP 4: Insecure Design - Valid Deficit (Node)
  • OWASP 9: Security Logging and Monitoring Failures - Hold the Line (.NET, Java)

September 26, 2022

Topic Progress Bar Now Focused on Required Labs

In Security Labs, the progress bar for a topic now shows the completion status for required labs only. If all required labs in a topic are complete, the progress bar shows 100% completion, even when there are incomplete optional labs.

September 6, 2022

One New Security Labs Lesson

OWASP Top 10 2021 labs

New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Node)

August 24, 2022

New Click-Through Tour

August 3, 2022

Three New API Security Labs Lessons

OWASP API Security Top 10 labs
  • New API 9 Improper Assets Management - Unprotected deployments (.NET)
  • New API 10 Insufficient Logging & Monitoring - The Importance of Logging and Monitoring (.NET)
  • New API 10 Insufficient Logging & Monitoring - Logging in the API Infrastructure (.NET)

July 6, 2022

Seven New API Security Labs Lessons and One Updated OWASP Course

OWASP API Security Top 10 labs
  • New API 7 Security Misconfiguration - Jot down this key (.NET)
  • New API 7 Security Misconfiguration - Secret Admins (.NET)
  • New API 7 Security Misconfiguration - eXternal Entity (injection) (.NET)
  • New API 7 Security Misconfiguration - XML is always a Challenge (.NET)
  • New API 8 Injection - Own the database (.NET)
  • New API 8 Injection - Parameterize all the things (.NET)
  • New API 8 Injection - Bobby Tables (.NET)
OWASP Top 10:2021:10 Server-Side Request Forgery

New Get There From Here (Node)

June 30, 2022

Updated One eLearning Learner Level Course and Added Two New AppSec Tutorials
  • Updated the OWASP 2017 course to OWASP 2021 on Learner Level 1
  • Added two new AppSec Tutorials on Learner Level 2

June 1, 2022

The Security Training Team Released Two New API Security Courses and Updated Eight OWASP Courses

OWASP API Security Top 10 labs
  • API5:2019 Neglected endpoints (.NET)
  • API6:2019 Bad Design Compromises Security (.NET)
OWASP Top 10 2021 labs

See the Course Catalog for more details.

  • A01:2021 Broken Access Control
  • A02:2021 Cryptographic Failures
  • A03:2021 Injection
  • A05:2021 Security Misconfiguration
  • A06:2021 Vulnerable and Outdated Components
  • A07:2021 Identification and Authentication Failures
  • A08:2021 Software and Data Integrity Failures
  • A09:2021 Security Logging and Monitoring Failures

May 19, 2022

The Security Training Team Released Three New eLearning Courses and Updated One Course
  • Updated A04: eLearning Secure Architecture and Design
  • OWASP Top 10 2021
  • A10: Server-Side Request Forgery AppSec Tutorial
  • A08: Software and Data Integrity Failures AppSec Tutorial

May 4, 2022

The Security Training Team Released Seven Labs

OWASP API Security Top 10 Labs:

  • API3:2019 Excessive Data Exposure - Bugs in Debug (.NET)
  • API3:2019 Excessive Data Exposure - Revealing Schemas (.NET)
  • API4:2019 Lack of Resources and Rate Limiting - Slow Down (.NET)
  • API4:2019 Lack of Resources and Rate Limiting - Brute Force (.NET)

OWASP Top 10 2021 Labs:

  • A04:2021 Insecure Design - Making Secure Decisions (.NET)
  • A08:2021 Software and Data Integrity Failures - Sleeping With the Enemy (.NET, Node)
  • A10:2021 Server-Side Request Forgery - Get There From Here (Java)

April 6, 2022

Two New Labs
  • OWASP API #1 - Broken Object Level Authorization
  • OWASP API #2 - Broken User Authentication

2021 updates

2021 updates

April 28, 2021

New Video - Access and Navigate the Veracode Security Labs Interface

This video shows you how to:

  • Access and navigate the lab interface
  • Access and interact with the web application, when applicable
  • Communicate with teammates who have completed the lab
  • Save lab progress or restart the lab
New Video - View and Filter Labs in Veracode Security Labs

This video shows you how to:

  • View new, required, and in progress labs
  • Filter labs by programming language
New Video - Edit and Assign Security Labs Roles to Users
  • This video shows you how to edit roles, assign roles to users, and create managers for those roles in Veracode Security Labs.
New Video - Create a Campaign and Assign Content to Roles in Security Labs
  • This video shows you how to create a new campaign and assign content to roles in Veracode Security Labs.
New Video - Customize Lab Content in Veracode Security Labs

Watch this video to learn how to:

  • Customize lab content by modifying or writing your own conclusion
  • Write your own labs using Security Labs as a sandbox
  • Create an example application using your own code
New Video - Add and View Due Dates for Assignments in Veracode Security Labs

Watch this video to learn how to:

  • Add and view a due date for an assignment
  • Enable competition mode as an administrator
New Video - View and Report on User Progress in the Veracode Security Labs Reporting Page
  • This video shows you how to report on user progress in Veracode Security Labs and the API.

April 27, 2021

Automated User Progress Notifications

You can configure automated email notifications to accomplish these tasks for Veracode Security Labs:

  • Inform managers of their team progress in a campaign or assignment
  • Remind users when they have required labs that are incomplete

You can define the schedule and customize the message for each notification type.

April 2, 2021

New Video - Create Users Within Veracode Security Labs or by Using Your Company SSO
  • This video shows you how to create users from within the Security Labs interface.

March 4, 2021

Enable Team-Based Competition in Security Labs
  • You can create Veracode Security Labs campaigns that allows users to collaborate and compete between groups. If you enable competition mode and assign different roles to users, the leader board for the campaign adds the scores by role and displays the collective team totals.
Continuous Learning Paths in Security Labs
  • You can assign Security Labs users to continuous campaigns that automatically provide the next assignment after the user completes the required labs of the previous assignment.
Allow Step Omissions in Security Labs
  • You can configure Security Labs to allow users to skip steps in a lab that they cannot complete. Users do not receive points for skipped steps.

  • This feature only applies to Java OWASP labs.

2020 updates

2020 updates

November 23, 2020

Auto-Extend for eLearning Enabled by Default
  • The default setting for new Veracode eLearning course track assignments is to automatically extend when their subscription periods end.
Improved eLearning Performance
  • Veracode has increased the loading speed of the My Team's Courses page in Veracode eLearning.

October 29, 2020

Improvements to eLearning

Veracode has made these improvements to eLearning:

  • eLearning administrators can now assign a learner to multiple eLearning curricula.
  • Veracode added seven new Secure Coding Foundation courses to learner level 1. Learners who previously completed level 1 must take the newly-added courses to complete this level. Because each level depends on the previous level, these levels show as incomplete until the learner completes them.
  • The eLearning report for learners now includes a Date Started column.
  • The eLearning settings have been removed from the Admin > Manage Users page. All eLearning administration actions are now available from the Admin > eLearning page. This page provides a centralized location where you can use filtering options and perform all actions on one or more learners.
  • The eLearning fields have been removed from the SAML Self-Registration page.

August 29, 2020

Improvements to Security Labs

Veracode has made these improvements to Security Labs:

  • Integration with the Veracode Platform. By default, if you have the Security Labs User role, Veracode automatically creates your Security Labs account in the Platform. If you have the Administrator role, you automatically have administrator permissions within Security Labs.
  • New Assignment Creation wizard. When creating a new set of lab assignments on the Assign Content page, you can now get suggested lab assignments based on a focus. For example, Beginner/Intermediate/Advanced, PCI Training, Backend/Frontend, or Competition.
  • New Scala labs for the OWASP Top 10. These labs use the Play framework.

June 27, 2020

Enhancements to eLearning Curriculum Creation
  • Veracode has improved the user interface for creating an eLearning curriculum to make it easier for administrators to identify courses to add to a curriculum. The new user interface now includes the length and description of each course. When selecting courses, the administrator can also use a checkbox to make courses required.

June 2, 2020

Bulk Actions for eLearning Administrators
  • Veracode eLearning administrators can now apply actions, including assigning learners to tracks or curricula and enabling automatic track extensions, to multiple users at once. This enhancement simplifies the process of onboarding and managing eLearning users.