Lessons

java Spring4Shell

Spring4Shell

Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.
java Insecure deserialization

Insecure deserialization

Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
java Log4Shell vulnerability

Log4Shell vulnerability

Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.
javascript Error messages containing sensitive information

Error messages containing sensitive information

Learn about the dangers of generating error messages that contain sensitive information. Learn to mitigate and fix this vulnerability from security experts.
javascript Type confusion

Type confusion

Learn about the dangers of type confusion and the dangers of assuming a type. Learn to mitigate and fix the vulnerability from security experts.
javascript Unrestricted upload of files with dangerous types

Unrestricted upload of files with dangerous types

Learn about the dangers of file uploads and of insufficiently restricted uploads of files with dangerous types. Learn to mitigate and fix the vulnerability from experts.
javascript Improper input validation

Improper input validation

Learn about the dangers of improper input validation and why you should never trust user input. Learn to mitigate and fix the vulnerability from experts.
javascript Memory leaks

Memory leaks

Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript Mass assignment

Mass assignment

Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript Server-side request forgery

Server-side request forgery

Learn how to protect your code from server-side request forgery attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.
javascript Insecure temporary file

Insecure temporary file

Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.
javascript Cleartext storage of sensitive information in a cookie

Cleartext storage of sensitive information in a cookie

Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.
javascript XPath injection

XPath injection

Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript Weak password recovery

Weak password recovery

A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.
javascript Logging vulnerabilities

Logging vulnerabilities

Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.
javascript Insecure Randomness

Insecure Randomness

Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.
javascript NoSQL injection attack

NoSQL injection attack

Learn how NoSQL injection attacks work, and compare them to the similar SQL injection attacks with examples and remediation information.
javascript Code injection

Code injection

Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.
javascript No rate limiting

No rate limiting

Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.
javascript Vulnerable and outdated components

Vulnerable and outdated components

A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.
javascript Insecure design

Insecure design

Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript Insecure hash

Insecure hash

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
javascript ReDoS

ReDoS

Learn what ReDoS is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.
javascript Broken access control

Broken access control

Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.
javascript XML external entity injection

XML external entity injection

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.
javascript Cross site request forgery

Cross site request forgery

Learn how a cross site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.
javascript DOM XSS

DOM XSS

Learn how DOM based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.
javascript Open redirect

Open redirect

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
javascript Directory traversal

Directory traversal

Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.
javascript Cross-site scripting

Cross-site scripting

Learn about XSS and how to protect your code from various cross-site scripting (XSS) attacks.
javascript Prototype pollution

Prototype pollution

Learn what JavaScript prototype pollution is and how to prevent it.
javascript SQL injection

SQL injection

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
python LDAP injection

LDAP injection

Learn about LDAP injection, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
cpp Use after free

Use after free

Learn about use after free vulnerability. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.
cpp Null dereference

Null dereference

Learn about null dereference and null pointer dereference. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.
kubernetes Container does not drop all default capabilities

Container does not drop all default capabilities

Learn how to improve Kubernetes security by dropping default capabilities for a container.
kubernetes Container is running in privileged mode

Container is running in privileged mode

Learn why using privileged mode on a container is a bad idea in almost all cases.