Training updates
The updates on this page apply to Veracode Security Labs and Veracode eLearning. Updates that apply to specific Veracode regions show a region icon.
Security Labs is only available in the Commercial region. 
eLearning is available in all Veracode regions.
January 8, 2025
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 2: Insufficient Entropy (.NET, Python)
OWASP API Top 10 2023 labs
- OWASP API 6: The Great Referral Quest (.NET)
- OWASP API 10: Gift Cards at Risk (.NET)
December 11, 2024
New Security Labs features include CWE tagging for lessons and code syntax highlighting.
CWE tagging improves lesson assignment
- Admins can search lessons based on CWE or title.
- Learners can see lessons linked to specific CWEs.
Syntax highlighting improves clarity of code samples
- Learners see code syntax highlighting that is tailored to programming languages.
December 4, 2024
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 2: Insufficient Entropy (Node)
OWASP API Top 10 2023 labs
- OWASP API 6: The Great Referral Quest (Node)
- OWASP API 7: Retrieval Without Validation (Node)
- OWASP API 7: Retrieval Without Validation (.NET)
- OWASP API 10: Gift Cards at Risk (Node)
November 6, 2024
New Security Labs lessons
OWASP Top 10 2021 labs and OWASP API Top 10 2023 labs
Four NEW lessons have been released. This includes upgrading the OWASP API Security Top 10 from 2019 to 2023, and adding lessons for three new categories.
- OWASP 2: Insufficient Entropy (for Java)
- OWASP API 6: The Great Referral Quest (Java)
- OWASP API 7: Retrieval Without Validation (Java)
- OWASP API 10: Gift Cards at Risk (Java)
Lessons will be reorganized to fit into their new position in the OWASP API Security Top 10 (2023) list. An additional More OWASP Vulnerabilities for APIs category was added to include lessons that fall into categories that are no longer in the API Top 10.
September 5, 2024
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Redirect Rodeo (Java)
- OWASP 1: Forging User Requests (Java, Go, Rails)
May 1, 2024
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Forging User Requests (Python, Flask)
April 29, 2024
eLearning course updates
The following 32 courses now have updated cover pages and optional closed captions:
- Secure Coding Foundations (7 courses)
- AppSec Tutorials (11 courses)
- General Security (9 courses)
- Mobile Security (4 courses)
- OWASP Top Ten (2021) (1 course)
April 3, 2024
New Security Labs lessons
OWASP API Security Top 10 labs
- OWASP API 6: Bad Design Compromises Security (JavaScript)
- OWASP API 7: Jot Down this Key (JavaScript)
- OWASP API 7: Secret Admin (JavaScript)
- OWASP API 7: eXternal Entity Injection (JavaScript)
- OWASP API 7: XML is Always a Challenge (JavaScript)
- OWASP API 8: Own the Database (JavaScript)
- OWASP API 8: Parameterize All the Things (JavaScript)
- OWASP API 8: Bobby Tables (JavaScript)
- OWASP API 9: Unprotected Deployments (JavaScript)
- OWASP API 10: The Importance of Logging and Monitoring (JavaScript)
- OWASP API 10: Logging in the API Infrastructure (JavaScript)
March 6, 2024
New Security Labs lessons
OWASP API Security Top 10 labs
- OWASP API 1: One ID to Access All Objects (JavaScript)
- OWASP API 1: Stronger IDs (JavaScript)
- OWASP API 2: Really, Really Bad Passwords (JavaScript)
- OWASP API 2: Terrible Password (JavaScript)
- OWASP API 3: Bugs in Debug (JavaScript)
- OWASP API 3: Revealing Schemas (JavaScript)
- OWASP API 4: Slow Down (JavaScript)
- OWASP API 4: Brute Force (JavaScript)
- OWASP API 4: Denial of Service (JavaScript)
- OWASP API 5: Neglected Endpoints (JavaScript)
February 7, 2024
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Forging User Requests (.NET)
OWASP API Security Top 10 labs
- OWASP API 10: The Importance of Logging and Monitoring (Java)
- OWASP API 10: Logging in the API Infrastructure (Java)
January 16, 2024
New Security Labs lesson
OWASP API Security Top 10 labs
- OWASP API 9: Unprotected Deployments (Java)
December 6, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Redirect Rodeo (.NET, JavaScript)
- OWASP 8: Prototype Protection Agency (JavaScript)
OWASP API Security Top 10 labs
- OWASP API 8: Own the Database (Java)
- OWASP API 8: Parameterize All the Things (Java)
- OWASP API 8: Bobby Tables (Java)
November 1, 2023
New Security Labs lessons
OWASP API Security Top 10 labs
- API 7: Jot Down This Key (Java)
- API 7: Secret Admin (Java)
- API 7: eXternal Entity (Java)
- API 7: XML is Always a Challenge (Java)
May 3, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New OWASP 10: Get There From Here (Python, Go)
April 5, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New OWASP 10: Get There From Here (.NET, Flask)
OWASP API Security Top 10 labs
- API 5: Neglected Endpoints (Java)
- API 6: Bad Design Compromises Security (Java)
- API 6: Bad Design Compromises Security (.NET) (revamped!)
March 1, 2023
New Security Labs lessons
Getting Started Labs
New Getting Started - Lesson Zero (Flask, Go, Python)
OWASP Top 10 2021 labs
- OWASP 1: Broken Access Control - Secrets in the Log (Java)
- OWASP 4: Making Secure Decisions (Flask, Go, Python)
OWASP API Security Top 10 labs
- API 4: Slow Down (Java)
- API 4: Brute Force (Java)
- API 4: Denial of Service (Java)
February 1, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Broken Access Control - Loose Lips Sink Servers (.NET)
- Beyond OWASP Top 10: Other Web App Risks - Know Your Limits (Java)
OWASP API Security Top 10 labs
- API 3: Bugs in Debug (Java)
- API 3: Revealing Schemas (Java)
January 4, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New Beyond OWASP Top 10: Other Web App Risks - Do You Remember? (.NET)
OWASP API Security Top 10 labs
- API 2: Really, Really Bad Passwords (Java)
- API 2: Terrible Password (Java)
December 6, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 4: Insecure Design - Insecure Decisions (.NET, Java)
- OWASP 4: Making Secure Decisions (Java)
OWASP API Security Top 10 labs
- API 1: One ID to Access All Objects (Java)
- API 1: Stronger IDs (Java)
Getting Started Labs
New Getting Started - Lesson Zero (Java, Node)
November 1, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Broken Access Control - Loose Lips Sink Servers (Node)
- OWASP 4: Insecure Design - Valid Deficit (.NET)
OWASP API Security Top 10 labs
New API 4: Lack of Resources & Rate Limiting - Denial of Service
October 4, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 4: Insecure Design - Valid Deficit (Node)
- OWASP 9: Security Logging and Monitoring Failures - Hold the Line (.NET, Java)
September 26, 2022
Topic Progress Bar Now Focused on Required Labs
In Security Labs, the progress bar for a topic now shows the completion status for required labs only. If all required labs in a topic are complete, the progress bar shows 100% completion, even when there are incomplete optional labs.
September 6, 2022
One New Security Labs Lesson
OWASP Top 10 2021 labs
New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Node)
August 24, 2022
New Click-Through Tour
- After an administrator assigns a user the Manager role, they are given a one-time option to take a tour about the actions managers can do in Security Labs.
- You can also read new documentation on manager permissions.
August 3, 2022
Three New API Security Labs Lessons
OWASP API Security Top 10 labs
- New API 9 Improper Assets Management - Unprotected deployments (.NET)
- New API 10 Insufficient Logging & Monitoring - The Importance of Logging and Monitoring (.NET)
- New API 10 Insufficient Logging & Monitoring - Logging in the API Infrastructure (.NET)
July 6, 2022
Seven New API Security Labs Lessons and One Updated OWASP Course
OWASP API Security Top 10 labs
- New API 7 Security Misconfiguration - Jot down this key (.NET)
- New API 7 Security Misconfiguration - Secret Admins (.NET)
- New API 7 Security Misconfiguration - eXternal Entity (injection) (.NET)
- New API 7 Security Misconfiguration - XML is always a Challenge (.NET)
- New API 8 Injection - Own the database (.NET)
- New API 8 Injection - Parameterize all the things (.NET)
- New API 8 Injection - Bobby Tables (.NET)
OWASP Top 10:2021:10 Server-Side Request Forgery
New Get There From Here (Node)
June 30, 2022
Updated One eLearning Learner Level Course and Added Two New AppSec Tutorials
- Updated the OWASP 2017 course to OWASP 2021 on Learner Level 1
- Added two new AppSec Tutorials on Learner Level 2
June 1, 2022
The Security Training Team Released Two New API Security Courses and Updated Eight OWASP Courses
OWASP API Security Top 10 labs
- API5:2019 Neglected endpoints (.NET)
- API6:2019 Bad Design Compromises Security (.NET)
OWASP Top 10 2021 labs
See the Course Catalog for more details.
- A01:2021 Broken Access Control
- A02:2021 Cryptographic Failures
- A03:2021 Injection
- A05:2021 Security Misconfiguration
- A06:2021 Vulnerable and Outdated Components
- A07:2021 Identification and Authentication Failures
- A08:2021 Software and Data Integrity Failures
- A09:2021 Security Logging and Monitoring Failures
May 19, 2022
The Security Training Team Released Three New eLearning Courses and Updated One Course
- Updated A04: eLearning Secure Architecture and Design
- OWASP Top 10 2021
- A10: Server-Side Request Forgery AppSec Tutorial
- A08: Software and Data Integrity Failures AppSec Tutorial
May 4, 2022
The Security Training Team Released Seven Labs
OWASP API Security Top 10 Labs:
- API3:2019 Excessive Data Exposure - Bugs in Debug (.NET)
- API3:2019 Excessive Data Exposure - Revealing Schemas (.NET)
- API4:2019 Lack of Resources and Rate Limiting - Slow Down (.NET)
- API4:2019 Lack of Resources and Rate Limiting - Brute Force (.NET)
OWASP Top 10 2021 Labs:
- A04:2021 Insecure Design - Making Secure Decisions (.NET)
- A08:2021 Software and Data Integrity Failures - Sleeping With the Enemy (.NET, Node)
- A10:2021 Server-Side Request Forgery - Get There From Here (Java)
April 6, 2022
Two New Labs
- OWASP API #1 - Broken Object Level Authorization
- OWASP API #2 - Broken User Authentication