Application Security Labs
Organizations are continuously developing, updating and improving applications and infrastructure. Immersive Labs delivers a wide range of challenge-based experiences to equip teams across the entire software lifecycle to identify, fix and prevent security vulnerabilities in your applications.
Skill paths to tool up teams
Our hands-on labs and challenges are designed to move teams and individuals through a four phase process to power up your organization’s human cyber readiness.
Embedding core skills through guided, hands-on experiences. Users can begin here with little to no prior experience.
Enabling individuals to show expertise through experiences, in these exercises users will prove their mastery of relevant tools and technology.
Applying acquired skills and experience to the latest threats and techniques, these labs test not only the skills acquired to this point but also critical thinking and flexibility.
Testing expertise and decision making against likely scenarios. This is where things get real, as we test individual and organizational readiness.
Top role objectives
Use sets of industry standard objectives or build your own in Immersive Labs. Objectives equip teams and individuals with relevant and continually evolving expertise.
This objective not only empowers developers to identify and fix insecure code but also gives them unique insight into the consequences. This approach aligns with a “shift left” methodology, baking in security at the outset to reduce costly changes in production.
Our labs provide teams responsible for software architecture and infrastructure with a more in-depth understanding of how to securely design and implement systems. Including network design, cloud configurations and databases.
Immersive Labs content for Operations teams enables a security-centred view of the role as part of the secure development lifecycle. Increasing understanding of the impact of security on areas like configuration change, patching or key management.
The OWASP Top 10 and more
Immersive Labs on-demand content includes hundreds of individual labs that extensively cover the OWASP top 10 as well as a wide range of other vulnerabilities and common misconfigurations.
Top on-demand labs
S3 Security Permissions
Amazon Simple Storage Service, more commonly known as S3, is a scalable storage solution which allows users to access files anywhere in the world using an Application Programming Interface (API). In this lab, we explore the security permissions associated with Amazon S3 and how misconfiguration can result in data leaks.
This Java secure code lab focuses on the remediation of an advanced cross-site scripting (XSS) vulnerability through file upload in a Java web app. You’ll identify the vulnerability and mitigate it using a number of methods.
Defense in Depth
Information Assurance (IA) is about looking at the system as a whole. Defence in depth is about gaining perspective on how that system is structured, layer by layer. In the many different levels of security that make up defence in depth, this lab will provide an overview before focusing on the network security layer.
Java: API JSON Injection
Forming a part of the OWASP Top 10 (A1 - Injection) JSON injection vulnerabilities can present several security risks to APIs such as privilege escalation, learn what JSON injection vulnerabilities are and how to prevent them by completing this lab.
Test your cyber mettle for free: Immersive Labs Community is now in public beta
12 October 2020
Research: Can you build spyware for a Fitbit?
9 October 2020
The more the merrier: four ways to build a more diverse cybersecurity team
30 September 2020
Think cyberattacks only hurt financially? Think again
28 September 2020
Staying cyber-safe in a remote working world
24 September 2020
Guest Blog: The Stress and Joy of Security Jobs
21 September 2020