Lessons

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization

Learn how to protect your applications against malicious code injection in Java by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.

Learn how to protect your Java code from various forms of cross-site scripting (XSS) attacks.

Learn how to protect your code from directory traversal in Java by exploiting a vulnerable web server.

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.

Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.

Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.

Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.

Learn how NoSQL Injection attacks work, and compare them to the similar SQL injection attacks with examples and remediation information

Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.

Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization

Learn what ReDos is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization

Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Learn how a cross site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.

Learn how DOM based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.

Learn how to protect your JavaScript code from various forms of cross-site scripting (XSS) attacks.

Learn what JavaScript prototype pollution is and how to prevent it.

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

Learn about LDAP injection, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization

Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Learn how to protect your code from directory traversal in Python by exploiting a vulnerable web server.

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Learn how to protect your Python code from various forms of cross-site scripting (XSS) attacks.

Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

Learn how an open redirect attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

Learn how to protect your code from directory traversal in Go by exploiting a vulnerable web server.

Learn how to protect your Go code from various forms of cross-site scripting (XSS) attacks.

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization

Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Learn how to protect your code from directory traversal in PHP by exploiting a vulnerable web server.

Learn how to protect your PHP code from various forms of cross-site scripting (XSS) attacks.

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Learn about use after free vulnerability. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn how to protect your code from server-side request forgery attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

Learn how to protect your C++ code from various forms of cross-site scripting (XSS) attacks.

Learn about null dereference and null pointer deference. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization

Learn how to protect your code from directory traversal in C# by exploiting a vulnerable web server.

Learn how to protect your C# code from various forms of cross-site scripting (XSS) attacks.

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Learn how to improve Kubernetes security by dropping default capabilities for a container.

Learn why using privileged mode on a container is a bad idea in almost all cases.