The updates on this page apply to Veracode Security Labs and Veracode eLearning. Security Labs is only supported in the Commercial Region. eLearning is supported in all Veracode regions.
December 6, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
- New OWASP 1: Redirect Rodeo (.NET, JavaScript)
- New OWASP 8: Prototype Protection Agency (JavaScript)
OWASP API Security Top 10 labs
- New OWASP API 8: Own the Database (Java)
- New OWASP API 8: Parameterize All the Things (Java)
- New OWASP API 8: Bobby Tables (Java)
November 1, 2023
New Security Labs lessons
OWASP API Security Top 10 labs
- New API 7: Jot Down This Key (Java)
- New API 7: Secret Admin (Java)
- New API 7: eXternal Entity (Java)
- New API 7: XML is Always a Challenge (Java)
May 3, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New OWASP 10: Get There From Here (Python, Go)
April 5, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New OWASP 10: Get There From Here (.NET, Flask)
OWASP API Security Top 10 labs
- New API 5: Neglected Endpoints (Java)
- New API 6: Bad Design Compromises Security (Java)
- New API 6: Bad Design Compromises Security (.NET) (revamped!)
March 1, 2023
New Security Labs lessons
Getting Started Labs
New Getting Started - Lesson Zero (Flask, Go, Python)
OWASP Top 10 2021 labs
- New OWASP 1: Broken Access Control - Secrets in the Log (Java)
- New OWASP 4: Making Secure Decisions (Flask, Go, Python)
OWASP API Security Top 10 labs
- New API 4: Slow Down (Java)
- New API 4: Brute Force (Java)
- New API 4: Denial of Service (Java)
February 1, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
- New OWASP 1: Broken Access Control - Loose Lips Sink Servers (Dotnet)
- New Beyond OWASP Top 10: Other Web App Risks - Know Your Limits (Java)
OWASP API Security Top 10 labs
- New API 3: Bugs in Debug (Java)
- New API 3: Revealing Schemas (Java)
January 4, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New Beyond OWASP Top 10: Other Web App Risks - Do You Remember? (Dotnet)
OWASP API Security Top 10 labs
- New API 2: Really, Really Bad Passwords (Java)
- New API 2: Terrible Password (Java)
December 6, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- New OWASP 4: Insecure Design - Insecure Decisions (Dotnet, Java)
- New OWASP 4: Making Secure Decisions (Java)
OWASP API Security Top 10 labs
- New API 1: One ID to Access All Objects (Java)
- New API 1: Stronger IDs (Java)
Getting Started Labs
New Getting Started - Lesson Zero (Java, Node)
November 1, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- New OWASP 1: Broken Access Control - Loose Lips Sink Servers (Node)
- New OWASP 4: Insecure Design - Valid Deficit (Dotnet)
OWASP API Security Top 10 labs
New API 4: Lack of Resources & Rate Limiting - Denial of Service
October 4, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- New OWASP 4: Insecure Design - Valid Deficit (Node)
- New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Dotnet, Java)
September 26, 2022
Topic Progress Bar Now Focused on Required Labs
In Security Labs, the progress bar for a topic now shows the completion status for required labs only. If all required labs in a topic are complete, the progress bar shows 100% completion, even when there are incomplete optional labs.
September 6, 2022
One New Security Labs Lesson
OWASP Top 10 2021 labs
New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Node)
August 24, 2022
New Click-Through Tour
- After an administrator assigns a user the Manager role, they are given a one-time option to take a tour about the actions managers can do in Security Labs.
- You can also read new documentation on manager permissions.
August 3, 2022
Three New API Security Labs Lessons
OWASP API Security Top 10 labs
- New API 9 Improper Assets Management - Unprotected deployments (.NET)
- New API 10 Insufficient Logging & Monitoring - The Importance of Logging and Monitoring (.NET)
- New API 10 Insufficient Logging & Monitoring - Logging in the API Infrastructure (.NET)
July 6, 2022
Seven New API Security Labs Lessons and One Updated OWASP Course
OWASP API Security Top 10 labs
- New API 7 Security Misconfiguration - Jot down this key (.NET)
- New API 7 Security Misconfiguration - Secret Admins (.NET)
- New API 7 Security Misconfiguration - eXternal Entity (injection) (.NET)
- New API 7 Security Misconfiguration - XML is always a Challenge (.NET)
- New API 8 Injection - Own the database (.NET)
- New API 8 Injection - Parameterize all the things (.NET)
- New API 8 Injection - Bobby Tables (.NET)
OWASP Top 10:2021:10 Server-Side Request Forgery
New Get There From Here (Node)
June 30, 2022
Updated One eLearning Learner Level Course and Added Two New AppSec Tutorials
- Updated the OWASP 2017 course to OWASP 2021 on Learner Level 1
- Added two new AppSec Tutorials on Learner Level 2
June 1, 2022
The Security Training Team Released Two New API Security Courses and Updated Eight OWASP Courses
OWASP API Security Top 10 labs
- API5:2019 Neglected endpoints (.NET)
- API6:2019 Bad Design Compromises Security (.NET)
OWASP Top 10 2021 labs
See the Course Catalog for more details.
- A01:2021 Broken Access Control
- A02:2021 Cryptographic Failures
- A03:2021 Injection
- A05:2021 Security Misconfiguration
- A06:2021 Vulnerable and Outdated Components
- A07:2021 Identification and Authentication Failures
- A08:2021 Software and Data Integrity Failures
- A09:2021 Security Logging and Monitoring Failures
May 19, 2022
The Security Training Team Released Three New eLearning Courses and Updated One Course
- Updated A04: eLearning Secure Architecture and Design
- New OWASP Top 10 2021
- New A10: Server-Side Request Forgery AppSec Tutorial
- New A08: Software and Data Integrity Failures AppSec Tutorial
May 4, 2022
The Security Training Team Released Seven Labs
OWASP API Security Top 10 Labs:
- API3:2019 Excessive Data Exposure - Bugs in Debug (.NET)
- API3:2019 Excessive Data Exposure - Revealing Schemas (.NET)
- API4:2019 Lack of Resources and Rate Limiting - Slow Down (.NET)
- API4:2019 Lack of Resources and Rate Limiting - Brute Force (.NET)
OWASP Top 10 2021 Labs:
- A04:2021 Insecure Design - Making Secure Decisions (.NET)
- A08:2021 Software and Data Integrity Failures - Sleeping With the Enemy (.NET, Node)
- A10:2021 Server-Side Request Forgery - Get There From Here (Java)
April 6, 2022
Two New Labs
- OWASP API #1 - Broken Object Level Authorization
- OWASP API #2 - Broken User Authentication