Lessons
java
NEW
XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.
java
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
java
Code injection
Learn how to protect your applications against malicious code injection in Java by exploiting a vulnerable web app as part of this Snyk Learn lesson.
java
Spring4Shell
Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.
java
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
java
Insecure deserialization
Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
java
Log4Shell vulnerability
Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.
java
Cross-site scripting
Learn how to protect your Java code from various forms of cross-site scripting (XSS) attacks.
java
Directory traversal
Learn how to protect your code from directory traversal in Java by exploiting a vulnerable web server.
java
SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
javascript
Memory leaks
Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript
Mass assignment
Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript
Insecure temporary file
Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.
javascript
Cleartext storage of sensitive information in a cookie
Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.
javascript
XPath injection
Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript
Weak password recovery
A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.
javascript
Insecure randomness
Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.
javascript
NoSQL injection attack
Learn how NoSQL injection attacks work, and compare them to the similar SQL injection attacks with examples and remediation information.
javascript
No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.
javascript
Vulnerable and outdated components
A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.
javascript
Logging vulnerabilities
Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.
javascript
Insecure design
Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
javascript
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
javascript
ReDoS
Learn what ReDoS is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.
javascript
Broken access control
Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.
javascript
XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.
javascript
Cross-site request forgery
Learn how a cross-site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.
javascript
DOM XSS
Learn how DOM-based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.
javascript
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
javascript
Server-side request forgery
Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.
javascript
Code injection
Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.
javascript
Directory traversal
Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.
javascript
Cross-site scripting
Learn how to protect your JavaScript code from various forms of cross-site scripting (XSS) attacks.
javascript
Prototype pollution
Learn what JavaScript prototype pollution is and how to prevent it.
javascript
SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
python
Vulnerable and outdated components
A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.
python
No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.
python
Server-side request forgery
Learn how to protect your code from server-side request forgery attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.
python
Logging vulnerabilities
Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.
python
XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.
python
Broken access control
Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.
python
LDAP injection
Learn about LDAP injection, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
python
Insecure design
Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
python
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
python
Code injection
Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.
python
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
python
Directory traversal
Learn how to protect your code from directory traversal in Python by exploiting a vulnerable web server.
python
SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
python
Cross-site scripting
Learn how to protect your Python code from various forms of cross-site scripting (XSS) attacks.
golang
No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.
golang
Open redirect
Learn how an open redirect attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
golang
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
golang
Directory traversal
Learn how to protect your code from directory traversal in Go by exploiting a vulnerable web server.
golang
Cross-site scripting
Learn how to protect your Go code from various forms of cross-site scripting (XSS) attacks.
golang
SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
php
No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.
php
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
php
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
php
Code injection
Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.
php
Directory traversal
Learn how to protect your code from directory traversal in PHP by exploiting a vulnerable web server.
php
Cross-site scripting
Learn how to protect your PHP code from various forms of cross-site scripting (XSS) attacks.
php
SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
cpp
NEW
Use after free
Learn about the use after free vulnerability, and how to mitigate and remediate it with real-world examples from security experts.
cpp
Server-side request forgery
Learn how to protect your code from server-side request forgery attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.
cpp
Insecure design
Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
cpp
Vulnerable and outdated components
A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.
cpp
XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.
cpp
Broken access control
Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.
cpp
Cross-site scripting
Learn how to protect your C++ code from various forms of cross-site scripting (XSS) attacks.
cpp
Null dereference
Learn about null dereference and null pointer dereference, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
cpp
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
csharp
NEW
XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.
csharp
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
csharp
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
csharp
Directory traversal
Learn how to protect your code from directory traversal in C# by exploiting a vulnerable web server.
csharp
Cross-site scripting
Learn how to protect your C# code from various forms of cross-site scripting (XSS) attacks.
csharp
SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.
kubernetes
Container does not drop all default capabilities
Learn how to improve Kubernetes security by dropping default capabilities for a container.
kubernetes
Container is running in privileged mode
Learn why using privileged mode on a container is a bad idea in almost all cases.