Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
Snyk Learn
Security education designed for developers
Try out our free, self-paced security education for developers. Keep your code safe by learning how to exploit and mitigate vulnerabilities in hands-on tutorials.
Start Learning
Uplevel your security skills
Learn at your own pace, at your own convenience, and in the coding language that's right for you. Or use it directly from Snyk to learn about vulnerabilities as you find them. Pick your ecosystem, choose a lesson, and get started!
Select your ecosystem:
JavaScript
Code injection
Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.
Server-side request forgery
Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.
Directory traversal
Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.
Cross-site scripting
Learn how to protect your JavaScript code from various forms of cross-site scripting (XSS) attacks.
Prototype pollution
Learn what JavaScript prototype pollution is and how to prevent it.
SQL injection
Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.
Java
Spring4Shell
Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
Insecure deserialization
Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real world examples from security experts.
Log4Shell vulnerability
Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.
Directory traversal
Learn how to protect your code from directory traversal in Java by exploiting a vulnerable web server.
Cross-site scripting
Learn how to protect your Java code from various forms of cross-site scripting (XSS) attacks.
SQL injection
Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.
Python
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
Directory traversal
Learn how to protect your code from directory traversal in PHP by exploiting a vulnerable web server.
SQL injection
Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.
Cross-site scripting
Learn how to protect your Python code from various forms of cross-site scripting (XSS) attacks.
PHP
Code injection
Learn how to protect your applications against malicious code injection in PHP by exploiting a vulnerable web app as part of this Snyk Learn lesson.
Cross-site scripting
Learn how to protect your PHP code from various forms of cross-site scripting (XSS) attacks.
SQL injection
Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
