Trusted at companies large and small
These lessons are based on vulnerabilities found in real applications from HackerOne's bug bounty program.
Highly wormable clickjacking vulnerability in Twitter player card.
XXE in Site Audit function exposing file and directory contents.
Remote Code Execution
RCE by command injection to 'gm convert' in image crop functionality.
SQL Injection with SQLMap
Complex SQL Injection in www.drivegrab.com
XSS using PostMessage
Stealing contact form data on hackerone.com using Marketo Forms XSS.
Included Public Vulnerabilities
HackEDU has sandboxes with public vulnerabilities to learn real-world offensive and defensive security techniques in a safe and legal environment.
This sandbox replicates a public Remote Code Execution (RCE) vulnerability in Drupal (CVE-2018-7600).
This sandbox replicates a public Remote Code Execution (RCE) vulnerability in Apache Struts 2 (CVE-2018-11776).
This sandbox replicates public vulnerabilities with archive software.
Interactive, Hands-On Training
Developers are problem solvers and learn most effectively through hands-on real-world scenarios. Video and PowerPoint lessons don't cut it.
Try out our SQL Injection Demo to get a feel for how the training platform works. No account or setup is required.
Coding and Hacking Challenges
Coding Challenges are labs where software developers practice finding and fixing vulnerabilities in software. Developers have to both find the vulnerability and then fix it with secure code in order to pass the challenge. These challenges complement HackEDU's lessons and can be assigned before or after lessons to ensure that the training concepts are solidified.
HackEDU’s Coding Challenges can also be used as assessments to evaluate the secure coding competency of developers!
Administration Management Dashboard
The HackEDU Admin Dashboard makes it easy to manage and monitor your organization's training.
- Monitor your team's progress
- Create custom training plans
- Set up SSO
- Schedule your team's training to fit your needs
- Generate Certificates for compliance audits
Benefits of Web Application Security Training
What I've learned already since signing up for HackEDU has proven priceless in terms of protecting one of our major clients against data theft. This week I've been cleaning up several broken authentication issues on their site using the info I've learned just from the course!
Exploiting and then fixing the code is great. Hands on and eye opening, love it.
Really love the fact that you can live patch the application. I really like how easy this makes it to see and understand the problem.