Recommended Path (Hands-On Only): Topics

Foundational: HackEDU: Authentication

Understand the threats and mitigation strategies around implementing authorization securely.

Hands-On Only | Total Learning Path Duration: 2 hours

Identification and Authentication Failures (HackEDU)

Broken Access Control (HackEDU)

Multi-Factor Authentication (MFA) (HackEDU)

Persistent Cookies (HackEDU)

Device Fingerprinting (HackEDU)

Account Lockout (HackEDU)

CAPTCHA (HackEDU)

JSON Web Token (JWT) Authentication Security (HackEDU)

Foundational: HackEDU: Authorization

Understand the threats and mitigation strategies around implementing authentication securely.

Hands-On Only | Total Learning Path Duration: 1 hour 45 minutes

Broken Access Control (HackEDU)

Cross-Site Request Forgery (HackEDU)

Broken Function Level Authorization (2023) (HackEDU)

Broken Object Level Authorization (2023) (HackEDU)

Broken Object Property Level Authorization (HackEDU)

OAuth Implementation Vulnerabilities: Part 1 (HackEDU)

OAuth Implementation Vulnerabilities: Part 2 (HackEDU)

Foundational: HackEDU: Cryptography

Learn about foundation topics of cryptography and practical applications for secret management.

Hands-On Only | Total Learning Path Duration: 2 hours 45 minutes

Encoding (HackEDU)

Hashing (HackEDU)

Encryption (HackEDU)

Encoding, Hashing, and Encryption (HackEDU)

Secure Password Storage: Part 1 (HackEDU)

Secure Password Storage: Part 2 (HackEDU)

Secure Password Storage: Part 3 (HackEDU)

Diffie-Hellman Key Exchange (HackEDU)

Padding Oracle (HackEDU)

Hash-Based Message Authentication Code (HMAC) (HackEDU)

Digital Signatures (HackEDU)

Foundational: HackEDU: Encryption Basics

Learn the concepts of encoding, hashing, and encryption.

Hands-On Only | Total Learning Path Duration: 1 hour

Encoding (HackEDU)

Hashing (HackEDU)

Encryption (HackEDU)

Encoding, Hashing, and Encryption (HackEDU)

Foundational: HackEDU: Native Applications

Learn about native applications and memory vulnerabilities.

Hands-On Only | Total Learning Path Duration: 1 hour 15 minutes

Memory Managment Introduction (HackEDU)

Stack Overflow (HackEDU)

Off-By-One (HackEDU)

Formal String (HackEDU)

Heap Overflow (HackEDU)

Foundational: HackEDU: OAuth

Identify and remediate OAuth vulnerabilities.

Hands-On Only | Total Learning Path Duration: 30 minutes

OAuth Implementation Vulnerabilities: Part 1 (HackEDU)

OAuth Implementation Vulnerabilities: Part 2 (HackEDU)

Foundational: HackEDU: OWASP Top 10 for LLM Applications

The top 10 most critical vulnerabilities found in LLM applications. Understand these threats, learn remediation strategies, and improve the overall security posture of your LLM applications through these hands-on exercises.

Hands-On Only | Total Learning Path Duration: 3 hours

AI/LLM | Prompt Injection (HackEDU)

AI/LLM | Sensitive Information Disclosure (HackEDU)

AI/LLM | Excessive Agency: Human in the Loop (HackEDU)

AI/LLM | Excessive Agency: Prompt Security (HackEDU)

AI/LLM | Excessive Agency: Insecure Plugin Design (HackEDU)

AI/LLM | Prompt Leakage (HackEDU)

AI/LLM | Vector and Embedding Weaknesses (HackEDU)

AI/LLM | Misinformation (HackEDU)

AI/LLM | Unbounded Consumption (HackEDU)

Foundational: HackEDU: Secure Password Management

Learn techniques for safeguarding passwords, and how to incorporate these techniques into an authentication scheme.

Hands-On Only | Total Learning Path Duration: 45 minutes

Secure Password Storage: Part 1 (HackEDU)

Secure Password Storage: Part 2 (HackEDU)

Secure Password Storage: Part 3 (HackEDU)

Foundational: HackEDU: Web Application Security Extended

Go beyond the basic OWASP Top 10 and learn more about other web vulnerabilities.

Hands-On Only | Total Learning Path Duration: 2 hours 30 minutes

Cross-Site Request Forgery (CSRF) (HackEDU)

JSON Web Token (JWT) Authentication Security (HackEDU)

Abusing the $where operator (HackEDU)

Using comparison operators (HackEDU)

User input as keys (HackEDU)

OAuth Implementation Vulnerabilities: Part 1 (HackEDU)

OAuth Implementation Vulnerabilities: Part 2 (HackEDU)

Secure Password Storage: Part 1 (HackEDU)

Secure Password Storage: Part 2 (HackEDU)

Secure Password Storage: Part 3 (HackEDU)

Foundational: Secure Privilege Management

Explore privilege escalation risks, including incorrect role checks in web apps, setuid misconfigurations in Linux, container escape techniques, and database privilege escalation chains.

Hands-On Only | Total Learning Path Duration: 1 hour

Insecure Design | Incorrect Privilege Assignment (HackEDU)

Challenge: Setuid Vulnerability Exploitation (HackEDU)

Privilege Escalation: Container Escape (HackEDU)

Privilege Chaining in Databases (HackEDU)