Insecure Inc.
Challenges
Missing Authentication for Critical Function
Reliance on Untrusted Inputs in a Security Decision
Missing Authorization
Missing Encryption for Sensitive Data
Use of a Broken or Risky Cryptographic Algorithm
Use of a One-Way Hash without a Salt
Use of Hard-coded Credentials
Generation of Error Message Containing Sensitive Information
Improper Control of Generation of Code ('Code Injection')
Improper Restriction of Excessive Authentication Attempts
Integer Overflow or Wraparound
Download of Code Without Integrity Check
URL Redirection to Untrusted Site ('Open Redirect')
Cross-Site Scripting
Cross-Site Request Forgery
XML External Entity
Unrestricted Upload of File with Dangerous Type
Incorrect Authorization
Path Traversal
OS Command Injection
Deserialization of Untrusted Data
SQL Injection
Buffer Overflow
Uncontrolled Format String
Quiz
Welcome to Insecure Inc.
This is a training site. You are authorized to complete the training challenges. You are not authorized to conduct any disruptive testing or intentionally tamper with the contents of this site.