Challenge Your AppSec Knowledge- On Us.
Buff up your ability to prevent vulnerabilities and test your Attack & Defend skills with our free CMD+CTRL Lab Series.
To show off the latest addition to CMD+CTRL Base Camp – we’re opening a series of 4 short Lab Journeys designed to test how well-rounded your software security skills are. You’ll spot vulnerabilities and learn to defend your software against both active and future attacks – in completely safe, virtual environments.
Four Training Journeys – Right now.
When you register, you’ll get access to the entire series of CMD+CTRL Labs, split into four short Journeys. While you can power through the entire program in days, we recommend completing one Journey per week.
Journey 1 and 2: Identifying Vulnerabilities in your Software
Integrating the OWASP Top 10 into your SDLC demonstrates your organization’s commitment to best practices for secure software development. We’ve curated a group of CMD+CTRL Learn Labs which focus directly on these vulnerabilities. These hands-on exercises last 5-7 minutes each and demonstrate how these vulnerabilities can be identified (and rectified) to help you to make safer software.
OWASP: Journey (Part 1)
| Identifying Broken Access Control Vulnerabilities | Identifying Cryptographic Failures |
| Identifying Broken Object-Level Authorization Vulnerabilities | Identifying Cookie Tampering |
| Identifying Business Logic Flaw Vulnerabilities | Identifying Reflective XSS |
| Identifying Credential Dumping: Vulnerability Identification | Identifying Persistent XSS |
| Identifying Cross-Site Scripting Vulnerabilities | Identifying XML Injection |
| Identifying Injection Vulnerabilities | Identifying Insecure APIs |
| Identifying Sensitive Data Exposure Vulnerability Identification |
OWASP: Journey (Part 2)
| Identifying Broken User Authentication Vulnerabilities | Identifying Hidden Form Field |
| Identifying Reverse Engineering Vulnerabilities | Identifying Weak File Upload Validation |
| Identifying Security Misconfiguration Vulnerabilities | Identifying Vulnerable and Outdate Components |
| Identifying Server-Side Request Forgery | ATT&CK: Updating Vulnerable Java Web Application Server Software |
| Identifying Forceful Browsing |
Journey 3: Beef Up Your Attack Skills
The next Journey in the Series consists of Skill Labs putting you a bit closer to the attacker’s seat. You’ll learn to Identify privilege escalation while also learning exactly how an attacker exploits your server software.
Many of the hand-on lab challenges in this journey rely on the MITRE ATT&CK® framework which provides a methodical, systematic approach to attack response. They’ll prepare you for these attacks in a realistic, yet completely safe, virtual setting.
Attack Journey
| Identifying Vertical Privilege Escalation | Exploiting Java SQL Injection to Extract Password Hashes |
| Identifying Horizontal Privilege Escalation | Exploiting Vulnerable Java Web Application Server Software |
| Identifying Buffer Overflow | Exploiting Java Web Application Server Misconfiguration |
| Identifying Information Leakage | Exploiting Windows File Sharing Server with External Remote Services |
| Password Cracking |
Journey 4: Fortifying your Defensive Skills
The last journey in the series concentrates on software defense: how you can better prepare your software (and yourself) for the road ahead.
This journey includes defensive software security skills developers can use right away, including taking defensive measures against SQL injection, cross-site scripting, XXE vulnerabilities, parameter tampering and more.
Defend Journey
| Defending Against Hard-Coded Secret | Defending Against eXternal XML Entity (XXE) Vulnerabilities |
| Defending Against SQL Injection | Defending Against Parameter Tampering |
| Defending Against Weak AES ECB Mode Encryption | Defending Against Security Misconfiguration |
| Defending Against Weak PRNG | Defending Against Plaintext Password Storage |
| Defending Against XSS |
Start Now
Sign up now to access all Journeys.
Why is the Lab Journey Series so effective?
Through February 2023, you’ll have access to over 40 free Labs to sink your teeth into. These labs provide dozens of realistic, hands-on examples of vulnerabilities and threat scenarios. Through each experience, you’ll gain tangible skills that you can apply every day — making you better prepared to secure your software and your organization. Best of all, we’ve designed each journey to both maximize enjoyment and fit into busy schedules.
Over these 4 Lab Journeys, you’ll experience two distinct types of labs:
Learn Labs
Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. They’ll identify common application security vulnerabilities, understand their impacts, and exploit them — all from the attacker’s point of view. Hints and guidance are based on each participant’s level of competency – and begin to build both an offensive and defensive mindset.
Skill Labs
Skill Labs are technical exercises designed to modernize your software development teams’ security skills. They give learners the tools they need to both respond to and fix software security issues – in safe, simulated environments.