Shadow Health: Medical Information Management Web Application

CMD+CTRL Cyber Range Training

Overview

Shadow Health is a purposely vulnerable simulation of a Medical Information Management portal that allows both patients and providers to share information with each other: appointments, prescriptions, visit summaries and the like.

Built as a follow-up to the popular Shadow Bank cyber range, Shadow Health continues to focus on building software security skills for multiple roles and experience levels across the entire SDLC, including product owners, project managers, developers, QA specialists and more.

Not just for healthcare providers, the vulnerabilities and tech stacks found within Shadow Health are reflective of any Single-Page Application (SPA) or traditional web application.

Security Challenges and Vulnerability Types

Shadow Health is an SPA environment that focuses on Application Security, including both classic and newer vulnerability types.

This range is made up of 42 security challenges and 14 different vulnerability types including Broken Access Controls, Injection, and Cross-Site Scripting. It also includes special Capture The Flag (CTF) challenges and other hidden surprises.

How Shadow Health Differs From Other CMD+CTRL Cyber Ranges

  • Multiple attack surfaces
  • Greater mix of challenge levels that appeals to all experience levels
  • Greater variety of challenge types than all other Core ranges, requiring more cross-functional collaboration
  • Incorporates modern challenges from the most recent 2021 OWASP Top 10 list

Teams Learn

  • How vulnerabilities work in a realistic environment
  • The real-world implications of insecure applications
  • The need to restrict sensitive data using multiple access controls
  • How and where NOT to store sensitive data
  • Understand not just how vulnerabilities work, but how they are exploited by attackers
  • Practice and master the skills they learned in courses
  • Work toward a more collaborative and secure culture