Snyk Learn

Security education designed for developers

Try out our free, self-paced security education for developers. Keep your code safe by learning how to exploit and mitigate vulnerabilities in hands-on tutorials.

Uplevel your security skills

Learn at your own pace, at your own convenience, and in the coding language that's right for you. Or use it directly from Snyk to learn about vulnerabilities as you find them. Pick your ecosystem, choose a lesson, and get started!

Select your ecosystem:

JavaScript

SQL injection

Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.

Directory traversal

Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.

Prototype pollution

Learn what JavaScript prototype pollution is and how to prevent it.

Cross-site scripting

Learn how to protect your JavaScript code from various forms of cross-site scripting (XSS) attacks.

Server-side request forgery

Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Code injection

Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Java

SQL injection

Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.

Directory traversal

Learn how to protect your code from directory traversal in Java by exploiting a vulnerable web server.

Cross-site scripting

Learn how to protect your Java code from various forms of cross-site scripting (XSS) attacks.

Log4Shell vulnerability

Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.

C#

SQL injection

Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.

Cross-site scripting

Learn how to protect your C# code from various forms of cross-site scripting (XSS) attacks.

Directory traversal

Learn how to protect your code from directory traversal in C# by exploiting a vulnerable web server.

Go

SQL injection

Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.

Cross-site scripting

Learn how to protect your Go code from various forms of cross-site scripting (XSS) attacks.

Directory traversal

Learn how to protect your code from directory traversal in Go by exploiting a vulnerable web server.

PHP

SQL injection

Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.

Cross-site scripting

Learn how to protect your PHP code from various forms of cross-site scripting (XSS) attacks.

Directory traversal

Learn how to protect your code from directory traversal in PHP by exploiting a vulnerable web server.

Kubernetes

Container does not drop all default capabilities

Learn how to improve Kubernetes security by dropping default capabilities for a container.

Container is running in privileged mode

Learn why using privileged mode on a container is a bad idea in almost all cases.

Python

Cross-site scripting

Learn how to protect your Python code from various forms of cross-site scripting (XSS) attacks.

SQL injection

Learn how to create SQL queries securely and avoid SQL injections attempts by malicious third parties.

About Snyk

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.