Included Lessons

SQL Injection
Command Injection
Broken Authentication and Session Management
Cross-Site Scripting
Broken Access Control
Security Misconfiguration
Sensitive Data Exposure
Insufficient Logging & Monitoring
Cross-Site Request Forgery
Using Components with Known Vulnerabilities
XML External Entities
Icon button

No Setup Required

Get started right away with the tools that hackers use.

Game plan

Offensive Approach

Learn effectively through real-world attack scenarios.


Interactive, Hands On Training

Start your journey to being technical. Video and PowerPoint lessons don't cut it.

Rubik Cube

Practices and Challenges

Practice and test your security skills by completing fun and difficult tasks in real web applications.


What I've learned already since signing up for HackEDU has proven priceless in terms of protecting one of our major clients against data theft. This week I've been cleaning up several broken authentication issues on their site using the info I've learned just from the course!

Kevin K.


The course, challenges, and practices are available for one year.

Access new web app security content as it is released.

Register Now