CMD+CTRL Journey Series

Challenge Your AppSec Knowledge: On Us.

Buff up your ability to prevent vulnerabilities and test your Attack & Defend skills with our free CMD+CTRL Lab Series.

To show off the latest addition to CMD+CTRL Base Camp – we’re opening a series of 4 short Lab Journeys designed to test how well-rounded your software security skills are. You’ll spot vulnerabilities and learn to defend your software against both active and future attacks – in completely safe, virtual environments.

Four Training Journeys – Right now.

When you register, you’ll get access to the entire series of CMD+CTRL Labs, split into four short Journeys. While you can power through the entire program in days, we recommend completing one Journey per week.

Journey 1 and 2:  Identifying Vulnerabilities in your Software

Integrating the OWASP Top 10 into your SDLC demonstrates your organization’s commitment to best practices for secure software development. We’ve curated a group of CMD+CTRL Learn Labs which focus directly on these vulnerabilities. These hands-on exercises last 5-7 minutes each and demonstrate how these vulnerabilities can be identified (and rectified) to help you to make safer software.

OWASP: Journey (Part 1)

Identifying Broken Access Control Vulnerabilities
Identifying Cryptographic Failures
Identifying Broken Object-Level Authorization Vulnerabilities
Identifying Cookie Tampering
Identifying Business Logic Flaw Vulnerabilities
Identifying Reflective XSS
Identifying Credential Dumping: Vulnerability Identification
Identifying Persistent XSS
Identifying Cross-Site Scripting Vulnerabilities
Identifying XML Injection
Identifying Injection Vulnerabilities
Identifying Insecure APIs
Identifying Sensitive Data Exposure Vulnerability Identification

OWASP: Journey (Part 2)

Identifying Broken User Authentication Vulnerabilities
Identifying Hidden Form Field
Identifying Reverse Engineering Vulnerabilities
Identifying Weak File Upload Validation
Identifying Security Misconfiguration Vulnerabilities
Identifying Vulnerable and Outdated Components
Identifying Server-Side Request Forgery
ATT&CK: Updating Vulnerable Java Web Application Server Software
Identifying Forceful Browsing

Journey 3: Beef Up Your Attack Skills

The next Journey in the Series consists of Skill Labs that put you a bit closer to the attacker’s seat. You’ll learn to identify privilege escalation while also learning exactly how an attacker exploits your server software.

Many of the hands-on lab challenges in this journey rely on the MITRE ATT&CK® framework, which provides a methodical, systematic approach to attack response. They’ll prepare you for these attacks in a realistic, yet completely safe, virtual setting.

Attack Journey

Identifying Vertical Privilege Escalation
Exploiting Java SQL Injection to Extract Password Hashes
Identifying Horizontal Privilege Escalation
Exploiting Vulnerable Java Web Application Server Software
Identifying Buffer Overflow
Exploiting Java Web Application Server Misconfiguration
Identifying Information Leakage
Exploiting Windows File Sharing Server with External Remote Services
Password Cracking

Journey 4: Fortifying your Defensive Skills

The last journey in the series concentrates on software defense: how you can better prepare your software (and yourself) for the road ahead.

This journey includes defensive software security skills developers can use right away, including taking defensive measures against SQL injection, cross-site scripting, XXE vulnerabilities, parameter tampering and more.

Defend Journey

Defending Against Hard-Coded Secret
Defending Against eXternal XML Entity (XXE) Vulnerabilities
Defending Against SQL Injection
Defending Against Parameter Tampering
Defending Against Weak AES ECB Mode Encryption
Defending Against Security Misconfiguration
Defending Against Weak PRNG
Defending Against Plaintext Password Storage
Defending Against XSS


Sign up now to access all Journeys.

Why is the Lab Journey Series so effective?

Through November 30th, you’ll have access to over 40 free Labs to sink your teeth into. These labs provide dozens of realistic, hands-on examples of vulnerabilities and threat scenarios. Through each experience, you’ll gain tangible skills that you can apply every day — making you better prepared to secure your software and your organization. Best of all, we’ve designed each journey to both maximize enjoyment and fit into busy schedules.

Over these 4 Lab Journeys, you’ll experience two distinct types of labs:

Learn Labs

Learn Labs are fun, bite-sized simulations that sharpen the software security skills of your entire team. Participants identify common application security vulnerabilities, understand their impacts, and exploit them, all from the attacker’s point of view. Hints and guidance are based on each participant’s level of competency and begin to build both an offensive and defensive mindset.

Skill Labs

Skill Labs are technical exercises designed to modernize your software development teams’ security skills. They give learners the tools they need to both respond to and fix software security issues – in safe, simulated environments.
