Free AppSec Training

Secure Coding Developer Training

At Global Learning Systems, we want every software engineer to have free access to developer security training. These free training exercises – including OWASP Top 10 for Web and API, AWS Top 10 and Front-end Top 10 – are the first steps in that direction. Inspired by real-world vulnerabilities and case studies, we have created a series of interactive application security training modules to help developers understand, identify and mitigate security vulnerabilities in their applications. Have fun and take the free training now!

Capital One SSRF
TikTok Cross Site Scripting
Ruby rest-client Backdoor
SQL Injection
Command Injection
XML Entity Injection
Directory Traversal
Weak Randomness
Session Fixation
Reflected Cross Site Scripting
Stored Cross Site Scripting
Force Browsing
Leftover Debug Code
Personally Identifiable Data in URL
Token Exposure in URL
User Enumeration
Vertical Privilege Escalation
Host Header Injection
Clickjacking
Horizontal Privilege Escalation
Insecure URL Redirect
Cross-Site Request Forgery
Components With Known Vulnerabilities
DOM XSS

Take a deeper dive into application security training for developers
