Application Security Labs

Organizations are continuously developing, updating and improving applications and infrastructure. Immersive Labs delivers a wide range of challenge-based experiences to equip teams across the entire software lifecycle to identify, fix and prevent security vulnerabilities in your applications.

Skill paths to tool up teams

Our hands-on labs and challenges are designed to move teams and individuals through a four phase process to power up your organization’s human cyber readiness.



Embedding core skills through guided, hands-on experiences. Users can begin here with little to no prior experience.



Enabling individuals to show expertise through experiences, in these exercises users will prove their mastery of relevant tools and technology.



Applying acquired skills and experience to the latest threats and techniques, these labs test not only the skills acquired to this point but also critical thinking and flexibility.



Testing expertise and decision making against likely scenarios. This is where things get real, as we test individual and organizational readiness.

Top role objectives

Use sets of industry standard objectives or build your own in Immersive Labs. Objectives equip teams and individuals with relevant and continually evolving expertise.  

This objective not only empowers developers to identify and fix insecure code but also gives them unique insight into the consequences. This approach aligns with a “shift left” methodology, baking in security at the outset to reduce costly changes in production. 

Our labs provide teams responsible for software architecture and infrastructure with a more in-depth understanding of how to securely design and implement systems. Including network design, cloud configurations and databases. 

Immersive Labs content for Operations teams enables a security-centred view of the role as part of the secure development lifecycle. Increasing understanding of the impact of security on areas like configuration change, patching or key management.

The OWASP Top 10 and more

Immersive Labs on-demand content includes hundreds of individual labs that extensively cover the OWASP top 10 as well as a wide range of other vulnerabilities and common misconfigurations.

Top on-demand labs 

S3 Security Permissions

Amazon Simple Storage Service, more commonly known as S3, is a scalable storage solution which allows users to access files anywhere in the world using an Application Programming Interface (API). In this lab, we explore the security permissions associated with Amazon S3 and how misconfiguration can result in data leaks.

Java XSS

This Java secure code lab focuses on the remediation of an advanced cross-site scripting (XSS) vulnerability through file upload in a Java web app. You’ll identify the vulnerability and mitigate it using a number of methods.

Defense in Depth

Information Assurance (IA) is about looking at the system as a whole. Defence in depth is about gaining perspective on how that system is structured, layer by layer. In the many different levels of security that make up defence in depth, this lab will provide an overview before focusing on the network security layer.

Java: API JSON Injection

Forming a part of the OWASP Top 10 (A1 - Injection) JSON injection vulnerabilities can present several security risks to APIs such as privilege escalation, learn what JSON injection vulnerabilities are and how to prevent them by completing this lab.

We help businesses to increase and evidence human capability in every part of cybersecurity.