Application Security Labs
Organizations are continuously developing, updating and improving applications and infrastructure. Immersive Labs delivers a wide range of challenge-based experiences to equip teams across the entire software lifecycle to identify, fix and prevent security vulnerabilities in your applications.
Skill paths to tool up teams
Our hands-on labs and challenges are designed to move teams and individuals through a four phase process to power up your organization’s human cyber readiness.
Coach
Embedding core skills through guided, hands-on experiences. Users can begin here with little to no prior experience.
Demonstrate
Enabling individuals to show expertise through experiences, in these exercises users will prove their mastery of relevant tools and technology.
Challenge
Applying acquired skills and experience to the latest threats and techniques, these labs test not only the skills acquired to this point but also critical thinking and flexibility.
Simulate
Testing expertise and decision making against likely scenarios. This is where things get real, as we test individual and organizational readiness.
Top role objectives
Use sets of industry standard objectives or build your own in Immersive Labs. Objectives equip teams and individuals with relevant and continually evolving expertise.
This objective not only empowers developers to identify and fix insecure code but also gives them unique insight into the consequences. This approach aligns with a “shift left” methodology, baking in security at the outset to reduce costly changes in production.
Our labs provide teams responsible for software architecture and infrastructure with a more in-depth understanding of how to securely design and implement systems. Including network design, cloud configurations and databases.
Immersive Labs content for Operations teams enables a security-centred view of the role as part of the secure development lifecycle. Increasing understanding of the impact of security on areas like configuration change, patching or key management.
The OWASP Top 10 and more
Immersive Labs on-demand content includes hundreds of individual labs that extensively cover the OWASP top 10 as well as a wide range of other vulnerabilities and common misconfigurations.
Top on-demand labs
S3 Security Permissions
Amazon Simple Storage Service, more commonly known as S3, is a scalable storage solution which allows users to access files anywhere in the world using an Application Programming Interface (API). In this lab, we explore the security permissions associated with Amazon S3 and how misconfiguration can result in data leaks.
Java XSS
This Java secure code lab focuses on the remediation of an advanced cross-site scripting (XSS) vulnerability through file upload in a Java web app. You’ll identify the vulnerability and mitigate it using a number of methods.
Defense in Depth
Information Assurance (IA) is about looking at the system as a whole. Defence in depth is about gaining perspective on how that system is structured, layer by layer. In the many different levels of security that make up defence in depth, this lab will provide an overview before focusing on the network security layer.
Java: API JSON Injection
Forming a part of the OWASP Top 10 (A1 - Injection) JSON injection vulnerabilities can present several security risks to APIs such as privilege escalation, learn what JSON injection vulnerabilities are and how to prevent them by completing this lab.
Latest Blog posts
Wicked problems: navigating crises when there’s no clear path
1 April 2021
Play along with our new crisis scenario – Insider Threat: Pharma Drama!
31 March 2021
The People of InfoSec on the People of InfoSec: The Thought Leader’s View
31 March 2021
SaltStack: further injection vulnerabilities
24 March 2021
Immersive Labs Chooses Global Channel-First Strategy With 50 New Partners and Transparent Structure
18 March 2021
The View from the CISO’s Chair
18 March 2021