Learn about code vulnerability, why it happens, and how to eliminate it
Select a tutorial and start sharpening your skills!
This is a free version.
Polkit was vulnerable to Local Privilege Escalation (LPE), known as CVE-2021-4034, meaning a non-privileged user can obtain root permissions. Play and Learn...
5-8 MIN
In this interactive tutorial, you will learn about Zabbix Improper Session Handling (known as CVE-2022-23131): what it is, what the vulnerability was, and how it was fixed. Play and Learn...
5-8 MIN
Vert.x-Web is a toolkit for writing sophisticated modern web applications and HTTP microservices. In this interactive tutorial, we will demonstrate a recent XXE vulnerability found in Vert.x-Web. Play and Learn...
5-8 MIN
Flask-Admin is an extension of the Python Flask framework. It lets users add admin interfaces to Flask applications. In this interactive tutorial, we will demonstrate a recent XSS vulnerability found in Flask-Admin. Play and Learn...
5-8 MIN
Apache Unomi is a Java open-source platform for managing customers and tracking their behavior. In this interactive tutorial, you will learn about Remote Code Execution vulnerabilities that have been found recently in Apache Unomi. Play and Learn...
5-8 MIN
Mozilla-Bleach is an HTML sanitizing library. After the sanitization process, the HTML code is processed by the browser. If the HTML code is malformed, the browser mutates the HTML, and after mutation there is no sanitizer to make sure the HTML code doesn't invoke scripts. In this interactive tutorial, you will learn how a sanitizer, which is supposed to be a protection against XSS, might expose the application to mutation XSS.
5-8 MIN
Cryptiles is an npm package of crypto helper methods. In April 2019, this package was deprecated as a result of a security defect and a new package called @hapi/cryptiles was published; yet users kept downloading the deprecated version. In this interactive tutorial, you will learn about vulnerabilities that have been found in Cryptiles and what the consequences of using a deprecated version are. Play and Learn...
5-8 MIN
ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. ECMAScript is a scripting-language specification standardized by Ecma International. eslint-scope is the ECMAScript scope analyzer used in ESLint. In this interactive tutorial, you will learn how bad security habits of a developer could cause drastic consequences. Play and Learn...
5-8 MIN
Pippo is an open source (Apache license) micro web framework in Java, with minimal dependencies and a quick learning curve. It is popular among developers due to its ease of use. In this interactive tutorial, you will learn about a deserialization vulnerability that has been found recently in the Pippo framework. Play and Learn...
5-8 MIN
Some versions of Apache Log4j2 are vulnerable to a remote code execution (RCE) attack, where an attacker with permission to modify the logging configuration file can construct a malicious configuration that executes remote code. Play and Learn...
5-8 MIN