Lessons

Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.

Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.

Learn about the dangers of generating error messages that contain sensitive information. Learn to mitigate and fix this vulnerability from security experts.

Learn about the dangers of type confusion and the dangers of assuming a type. Learn to mitigate and fix the vulnerability from security experts.

Learn about the dangers of file uploads and the inefficiently restricted file uploads with dangerous types. Learn to mitigate and fix the vulnerability from experts.

Learn about the dangers of improper input validation and why you should never trust user input. Learn to mitigate and fix the vulnerability from experts.

Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn how to protect your code from server-side request forgery attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.

Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.

Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.

Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.

Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.

Learn how NoSQL Injection attacks work, and compare them to the similar SQL injection attacks with examples and remediation information

Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization

Learn what ReDos is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization

Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Learn how a cross site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.

Learn how DOM based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.

Learn about XSS and how to protect your code from various cross-site scripting (XSS) attacks.

Learn what JavaScript prototype pollution is and how to prevent it.

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Learn about LDAP injection, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn about use after free vulnerability. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn about null dereference and null pointer deference. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn how to improve Kubernetes security by dropping default capabilities for a container.

Learn why using privileged mode on a container is a bad idea in almost all cases.