Lessons

Java

XML external entity injection (new)
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

Code injection
Learn how to protect your applications against malicious code injection in Java by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Spring4Shell
Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.

Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Insecure deserialization
Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Log4Shell vulnerability
Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.

Cross-site scripting
Learn how to protect your Java code from various forms of cross-site scripting (XSS) attacks.

Directory traversal
Learn how to protect your code from directory traversal in Java by exploiting a vulnerable web server.

SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
JavaScript

Memory leaks
Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Mass assignment
Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Insecure temporary file
Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.

Cleartext storage of sensitive information in a cookie
Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.

XPath injection
Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Weak password recovery
A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.

Insecure randomness
Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.

NoSQL injection attack
Learn how NoSQL injection attacks work, and compare them to the similar SQL injection attacks with examples and remediation information.

No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

Vulnerable and outdated components
A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

Logging vulnerabilities
Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.

Insecure design
Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

ReDoS
Learn what ReDoS is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.

Broken access control
Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Cross-site request forgery
Learn how a cross-site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.

DOM XSS
Learn how DOM-based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.

Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Server-side request forgery
Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Code injection
Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Directory traversal
Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.

Cross-site scripting
Learn how to protect your JavaScript code from various forms of cross-site scripting (XSS) attacks.

Prototype pollution
Learn what JavaScript prototype pollution is and how to prevent it.

SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
Python

Vulnerable and outdated components
A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

Server-side request forgery
Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Logging vulnerabilities
Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.

XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Broken access control
Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

LDAP injection
Learn about LDAP injection, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Insecure design
Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

Code injection
Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Directory traversal
Learn how to protect your code from directory traversal in Python by exploiting a vulnerable web server.

SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Cross-site scripting
Learn how to protect your Python code from various forms of cross-site scripting (XSS) attacks.
Go

No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

Open redirect
Learn how an open redirect attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

Directory traversal
Learn how to protect your code from directory traversal in Go by exploiting a vulnerable web server.

Cross-site scripting
Learn how to protect your Go code from various forms of cross-site scripting (XSS) attacks.

SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
PHP

No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.

Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

Code injection
Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Directory traversal
Learn how to protect your code from directory traversal in PHP by exploiting a vulnerable web server.

Cross-site scripting
Learn how to protect your PHP code from various forms of cross-site scripting (XSS) attacks.

SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
C++

Use after free (new)
Learn about the use after free vulnerability. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Server-side request forgery
Learn how to protect your code from server-side request forgery attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Insecure design
Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Vulnerable and outdated components
A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Broken access control
Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

Cross-site scripting
Learn how to protect your C++ code from various forms of cross-site scripting (XSS) attacks.

Null dereference
Learn about null dereference and null pointer dereference. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.

Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
C#

XML external entity injection (new)
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.

Directory traversal
Learn how to protect your code from directory traversal in C# by exploiting a vulnerable web server.

Cross-site scripting
Learn how to protect your C# code from various forms of cross-site scripting (XSS) attacks.

SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
Kubernetes

Container does not drop all default capabilities
Learn how to improve Kubernetes security by dropping default capabilities for a container.

Container is running in privileged mode
Learn why using privileged mode on a container is a bad idea in almost all cases.