CINXE.COM

<!DOCTYPE html> <html lang="en-US" data-head-attrs="lang"> <head> <link rel="stylesheet" type="text/css" href="/assets/static/base-hydrate.CVlwhd_Z.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-d6dbe598.DX66Q3v9.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-5d71d207.CqEXzulP.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-d6a034ef.aUFpnvAH.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-43f01013.4z6h_-kx.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-51fdc371.DS_l0Kfl.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-5d0a25da.CmtC-1yB.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-6734dddb.Vb6S9zxt.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-20c9a57a.CDX8gU37.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-ddc4c9ef.DCaI8d4a.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-b517ead6.C0rYgh4H.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-77a0178e.BXr2t0C_.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-55b46170.C_Xzkwbs.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-168ec0e9.vZhNOX3S.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-34a2ade4.DtWcSVDK.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-56afbd5e.KbYIl6Nl.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-75f4a8fd.vcXU6J5J.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-e60d2ee3.BU0Q2zNa.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-9582fea4.Y1isl9E3.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-b5daf879.DY7Mp0ti.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-6263fc62.DPB_1kgC.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-df194323.Nop3Snj-.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-d5dab366.CVwKzuw8.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-patchui-f9d8a6d8.Cvefshjp.css"> <link rel="stylesheet" type="text/css" href="/assets/static/-vuepic-d9cb3b3b.BhU9HRFu.css"> <link rel="preload" href="/assets/static/Inter-roman.var.C-r5W2Hj.woff2" as="font" type="font/woff2" crossorigin> <link rel="preload" href="/assets/static/Inter-italic.var.DhD-tpjY.woff2" as="font" type="font/woff2" crossorigin> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width,initial-scale=1.0" /> <link rel="icon" href="/favicon.ico" /> <title>Snyk Learn | Interactive Secure Development Lessons</title><meta charset="utf-8"><meta property="og:title" content="Free Interactive Secure Development Training"><meta property="og:description" content="Snyk Learn is developer-first security education that offers free interactive lessons on how to fix vulnerabilities in applications, containers, and IaC."><meta property="og:url" content="https://learn.snyk.io/"><meta property="og:site_name" content="Snyk Learn"><meta property="og:type" content="website"><meta property="og:image" content="https://res.cloudinary.com/snyk/image/upload/c_pad,b_auto,h_630,w_1200/v1632481623/snyk-learn/snyk-learn-share-image.png"><meta name="twitter:card" content="summary_large_image"><meta name="twitter:site" content="snyksec"><meta name="twitter:image" content="https://res.cloudinary.com/snyk/image/upload/c_pad,b_auto,h_600,w_1200/v1632481623/snyk-learn/snyk-learn-share-image.png"><meta name="description" content="Snyk Learn offers developer security training with interactive lessons on how to find and fix vulnerabilities, and using Snyk for security."><meta name="keywords" content="security training for developers, developer security training, secure development training, snyk learn, snyk training"><meta name="head:count" content="12"> <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png" sizes="194x194"> <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/android-chrome.png" sizes="192x192"> <link rel="apple-touch-icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/apple-touch-icon.png" sizes="180x180"> <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico"> <link rel="mask-icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/safari-pinned-tab.svg"> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&family=Roboto&family=JetBrains+Mono&display=swap" rel="stylesheet"> <meta name="google-site-verification" content="6N0mt9PqhKoLhoMZ2sGsgCNPitJhp1MM2gYluXSWrwE" /> </head> <body data-head-attrs=""> <noscript> We're sorry but Snyk Learn doesn't work properly without JavaScript enabled. Please enable it to continue. </noscript> <div id="app"><div id="app" data-v-17e5ae28><div class="header" data-v-17e5ae28><header class="brand-primary-header" data-v-17e5ae28 data-v-cac54184 data-v-62a7ff71><div class="brand-mobile-nav brand-primary-header__mobile" data-v-62a7ff71 data-v-a55a7829><div class="brand-mobile-nav__header" data-v-a55a7829><div class="brand-logo" data-v-cac54184 data-v-94938a6d><a class="brand-logo__wordmark" href="https://snyk.io" aria-label="Snyk Logo" data-v-94938a6d><svg class="snyk-logo snyk-logo--color-colorDark snyk-logo--default brand-logo__snyk-logo" xmlns="http://www.w3.org/2000/svg" x="0" y="0" width="337.9" height="160.52" viewbox="0 0 337.9 160.52" data-v-94938a6d data-v-a35fa28b><path fill="var(--c-fg)" d="M304.87 89.32h-1.29v22.29h-16v-55.5l16-25.02v51.78c3.19-3.9 13.92-18.72 13.92-18.72h19.76l-18.73 19.82 19.38 27.67H317.7l-12.83-22.32zm-44.6-3.64 6.56-21.38h15.85l-18.58 47.15c-5.54 14.18-13.46 23.77-25.3 23.77-4.55 0-8.38-1.18-10.39-2.31l6.37-9.86c.95.11 1.93.15 2.92.15 5.46 0 9.56-5.31 12.21-11.6l-19.49-47.3h17.94l7.02 21.11c1.37 4.02 2.35 11.67 2.35 11.67s1.25-7.38 2.54-11.4zm-48.36-1.1c0-6.18-2.73-9.1-7.93-9.1-2.54 0-5.2.72-7.02 1.82v34.3h-16V64.76l15.66-1.29-.38 7.66h.53c3.38-4.55 9.1-8 15.93-8 8.19 0 15.28 5.08 15.28 17.09v31.39H211.9V84.58zm-76.75 24.6 1.44-10.92c5.01 2.46 10.66 3.64 15.4 3.64 3.45 0 5.73-1.18 5.73-3.26 0-5.99-21.58-4.55-21.58-20.2 0-10.01 9.18-15.28 20.67-15.28 5.73 0 11.64 1.55 15.47 2.92l-1.55 10.73c-4.02-1.55-9.48-2.99-14.03-2.99-2.81 0-5.08.99-5.08 2.8 0 5.91 22.03 4.74 22.03 20.01 0 10.16-9.03 16-21.39 16-6.84 0-12.37-1.17-17.11-3.45z" data-v-a35fa28b></path><g data-v-a35fa28b><path fill="var(--c-fg)" d="M87.16 38.32C84.93 31.66 78.45 18.91 67.69.01l-5.31 35.34a212.768 212.768 0 0 0-23.33 0L33.74 0S19.15 27.18 14.76 38.22C5.19 40.05 0 41.97 0 41.97v82.95l50.68 35.54 50.68-35.55V41.96c-.01 0-4.98-1.85-14.2-3.64z" data-v-a35fa28b></path><path fill="#dbdbdb" d="M50.68 155.47 3.24 122.33V45.29s17.74-6.43 47.44-6.43v116.61z" data-v-a35fa28b></path><path fill="#c6c6c6" d="M50.74 38.86h-.07V155.4l47.06-33.04V45.29s-17.29-6.43-46.99-6.43z" data-v-a35fa28b></path><path fill="#3b3b63" d="m76.35 137.34-3.99-34.8h-22v53.01l.32.3c8.55-5.86 17.11-12.03 25.67-18.51z" data-v-a35fa28b></path><path fill="#53537a" d="m25.03 137.61 25.65 18.23v-54.35h-22.2l-3.45 36.12z" data-v-a35fa28b></path><path fill="#bc9375" d="M61.66 127.31c0 5.97-5.67 8.94-10.87 8.94s-10.94-2.97-10.94-8.94" data-v-a35fa28b></path><path fill="var(--c-fg)" d="M50.73 130.41c-4.17 0-6.19-3.02-6.19-9.22h1.98c0 7.27 2.85 7.27 4.21 7.27 1.37 0 4.21 0 4.21-7.27h1.99c.01 6.2-2.02 9.22-6.2 9.22z" data-v-a35fa28b></path><path fill="#c49a7e" d="M50.68 122.69a7.322 7.322 0 0 0 7.45 4.99 9.41 9.41 0 0 0 9.07-6.48c2.4-6.46 2.37-15.45 2.37-15.45S80.2 92.62 80.2 88.24H50.66l.02 34.45z" data-v-a35fa28b></path><path fill="#d8b7a0" d="M20.74 88.22c0 5.13 10.54 17.51 10.54 17.51s0 8.98 2.36 15.45a9.4 9.4 0 0 0 9.08 6.48c3.43.15 6.6-1.83 7.96-4.99V88.22H20.74z" data-v-a35fa28b></path><path fill="#3b3b63" d="M78.93 58.71c-8.2-8.27-10.24-25.52-10.24-25.52-1.53 5.47-4.86 21.46-4.86 21.46-4.36-1.3-8.86-2.01-13.41-2.11-.23 0-.23 21.6 0 64.79l6.57-4.72 1.27-22.87 7.05 7.92 9.09 2.62 3.39-2.37c.98-1.4 1.75-2.93 2.28-4.56 1.27-3.17-1.56-27.68-1.56-27.68-1.01-2.05.42-6.96.42-6.96z" data-v-a35fa28b></path><path fill="#53537a" d="M37.7 54.65s-3.28-16.03-4.85-21.47c0 0-2.05 17.26-10.24 25.53 0 0 1.43 4.9.43 6.98 0 0-2.83 24.48-1.58 27.68.53 1.63 1.29 3.17 2.28 4.57l3.39 2.37 9.08-2.62 7.05-7.96 1.24 22.88 6.19 4.59V52.46c-4.42.06-8.8.8-12.99 2.19z" data-v-a35fa28b></path><path fill="#333152" d="M73.2 17.19c1.36 2.52 13.04 25.56 13.04 33.55l-5.19 13.91c.88 7.85 2.63 24.9 1.3 28.22-.81 2.06-3.91 6.3-6.57 9.73l3.62 32.58-4.9 3.47-2.71-23.8c-.36 2.48-.96 4.94-1.79 7.31-1.01 2.89-3.04 5.3-5.71 6.76-.14 7.35-7.03 11.32-13.5 11.32s-13.47-3.96-13.62-11.3a12.35 12.35 0 0 1-5.72-6.77c-.8-2.29-1.39-4.63-1.75-7.03l-2.6 23.95-4.94-3.53 3.56-32.83c-2.67-3.45-5.83-7.75-6.65-9.85-1.31-3.28.36-20.38 1.25-28.22l-5.47-14.39v-.47c0-7.99 12.04-30.1 13.35-32.6l3.88-7c2.36 16.23 3.55 24.36 3.55 24.37l1.92 13.13 2.51 4.07c3.45-1.18 7.05-1.83 10.68-1.92 3.65.09 7.27.73 10.72 1.92l2.51-4.07 5.47-37.52 3.76 7.01zM50.8 135.02c2.87 0 6.95-1.28 7.97-4.67h-.32c-.54 0-1.06-.04-1.59-.12a7.164 7.164 0 0 1-6.13 2.64 7.13 7.13 0 0 1-6.11-2.63c-.53.09-1.06.13-1.6.13h-.32c1.04 3.37 5.19 4.65 8.1 4.65zm-3.36-5.57a5.835 5.835 0 0 0 6.57 0c-.68-.3-1.31-.67-1.92-1.09-.45.12-.92.16-1.38.14-.47.01-.93-.03-1.39-.14-.59.42-1.21.79-1.88 1.09zm20.37-25.27c3.58-4.31 8.83-11.25 9.61-13.2.54-1.99-.42-15.25-1.65-26.41l-.07-.61 1.09-2.76c-3.43-3.6-5.82-8.54-7.45-13.19l-.22 1.46-5.41 8.75-2.18-.84c-3.45-1.37-7.1-2.15-10.81-2.3-3.69.14-7.33.92-10.76 2.3l-2.11.89-5.47-8.75-.16-1.09c-1.65 4.61-4.05 9.45-7.46 12.98l1 2.63-.07.62c-1.26 11.11-2.25 24.37-1.65 26.42.6 2.05 6.05 8.84 9.58 13.13l.59.72v.92c0 .09 0 8.61 2.19 14.54a6.787 6.787 0 0 0 6.57 4.77c2.25-.08 4.28-1.4 5.25-3.44.85-1.65 1.28-4.38 1.28-8.15h2.19c-.04 2.79.43 5.56 1.37 8.17a6.146 6.146 0 0 0 5.31 3.41c3 .04 5.67-1.89 6.57-4.76 2.19-5.95 2.19-14.47 2.19-14.55v-.92l.68-.74z" data-v-a35fa28b></path><path fill="#333152" d="M67.22 80.99H56.61v.11a6.966 6.966 0 0 0 7.24 6.69c3.63-.14 6.54-3.05 6.69-6.69v-.11h-3.32zM41.61 80.99H30.99v.11a6.966 6.966 0 0 0 7.24 6.69c3.63-.14 6.54-3.05 6.69-6.69v-.11h-3.31z" data-v-a35fa28b></path><path fill="var(--c-fg)" d="M38.85 80.99c.58 0 .92 1.01.81 1.71-.1.77-.68 1.38-1.43 1.52a1.78 1.78 0 0 1-2.07-1.42c.54.01 1.01-.37 1.09-.91.04-.34-.08-.9-.32-.9h-3.28v.11c.12 2.2 1.99 3.88 4.18 3.76h.01c2.04-.11 3.67-1.73 3.76-3.76v-.11h-2.75z" data-v-a35fa28b></path><path fill="#c49a7e" d="M66.41 77.89c.45-.48 4.23-4.71-.83-4.71-4.56 0-7.86 3.63-8.75 4.71h9.58z" data-v-a35fa28b></path><path fill="#d8b7a0" d="M44.59 77.89c-.86-1.09-4.16-4.71-8.75-4.71-5.06 0-1.27 4.22-.83 4.71h9.58zM20.28 49.36c.3-4.15 4.68-14.07 8.86-22.43l1.09 7.66c-.43 2.85-2.35 14.06-7.56 21.13l-2.39-6.36z" data-v-a35fa28b></path><path fill="#c49a7e" d="m71.32 33.93 1.02-7.05c4.18 8.36 8.57 18.29 8.86 22.43l-2.34 6.22c-5.63-7.74-7.4-20.39-7.54-21.6z" data-v-a35fa28b></path><path fill="#333152" d="M46.84 118.2c-1.96-1.47-3.97-3.28-3.97-4.74 0-.93 1.67-3.8 1.67-3.8h12.44s1.63 2.54 1.63 3.8-2.02 3.12-4.06 4.59c-.69-1.17-1.56-1.37-1.97-.45-.22.6-.26 1.25-.15 1.88-1.09.7-1.9 1.09-1.9 1.09s-.62-.35-1.52-.93c.15-.7.12-1.42-.11-2.1-.42-.94-1.3-.71-2 .49l-.06.17z" data-v-a35fa28b></path><path fill="var(--c-fg)" d="M64.6 80.99c.51.11.8 1.02.71 1.67-.14.95-1.04 1.61-1.99 1.47-.72-.09-1.31-.62-1.47-1.34.54.01 1.01-.37 1.09-.91.05-.34-.08-.9-.31-.9h-3.38v.11c0 2.2 1.79 3.98 3.99 3.98s3.98-1.78 3.98-3.98v-.11H64.6z" data-v-a35fa28b></path></g></svg></a><a href="/" class="brand-logo__sub-brand" data-v-94938a6d>Learn</a></div><div class="brand-mobile-nav__triggers" data-v-a55a7829><button class="brand-button brand-button--secondary brand-button--right-icon brand-button--icon-only brand-mobile-nav__menu-button" type="button" aria-label="Open navigation menu" data-v-a55a7829 data-v-58bdfc01><span class="brand-button__icon brand-button__icon--right" data-v-58bdfc01><svg class="brand-icon brand-icon--menu" width="16" height="16" viewbox="0 0 24 24" aria-hidden="true" data-v-a55a7829 data-v-77f6fa34><path d="M3,6H21V8H3V6M3,11H21V13H3V11M3,16H21V18H3V16Z" data-v-77f6fa34></path></svg></span></button></div></div><div class="brand-mobile-nav__menu" data-v-a55a7829><ul class="brand-primary-header__navigation-list-mobile" data-v-62a7ff71><li class="brand-disclosure-nav brand-disclosure-nav--inline" data-snyk-test="LearnNav" data-v-cac54184 data-v-7001639a><span class="brand-button brand-button--tertiary brand-button--right-icon brand-disclosure-nav-button brand-disclosure-nav-button--inline brand-disclosure-nav__handle" role="button" tabindex="0" data-v-7001639a data-v-8e91682e data-v-58bdfc01>Browse topics<span class="brand-button__icon brand-button__icon--right" data-v-58bdfc01><svg class="brand-icon brand-icon--chevron-down brand-disclosure-nav-button__collapse-state-icon" width="16" height="16" viewbox="0 0 24 24" aria-hidden="true" data-v-8e91682e data-v-dfb85cff><path d="M7.41,8.58L12,13.17L16.59,8.58L18,10L12,16L6,10L7.41,8.58Z" data-v-dfb85cff></path></svg></span></span><div class="brand-disclosure-nav__attachment-point" data-v-7001639a></div></li></ul><div class="brand-primary-header__extras-mobile" data-v-62a7ff71><div id="header-lesson-table-of-content-teleport" data-v-cac54184></div></div><div class="brand-primary-header__actions-mobile" data-v-62a7ff71><div style="display:none;" data-v-cac54184><div class="brand-disclosure-nav brand-disclosure-nav--inline" data-snyk-test="TenantSelector" data-v-cac54184 data-v-7001639a><span class="brand-button brand-button--tertiary brand-button--right-icon brand-disclosure-nav-button brand-disclosure-nav-button--inline brand-disclosure-nav__handle" role="button" tabindex="0" data-v-7001639a data-v-8e91682e data-v-58bdfc01>Login<span class="brand-button__icon brand-button__icon--right" data-v-58bdfc01><svg class="brand-icon brand-icon--chevron-down brand-disclosure-nav-button__collapse-state-icon" width="16" height="16" viewbox="0 0 24 24" aria-hidden="true" data-v-8e91682e data-v-dfb85cff><path d="M7.41,8.58L12,13.17L16.59,8.58L18,10L12,16L6,10L7.41,8.58Z" data-v-dfb85cff></path></svg></span></span><div class="brand-disclosure-nav__attachment-point" data-v-7001639a></div></div></div><div style="display:none;" data-v-cac54184><a class="brand-button brand-button--primary" role="button" href="https://api.snyk.io/v1/learn/auth?cta=signup&page=learn-homepage&loc=nav&learn_redirect_path=%2Fuser%2Flearning-progress" data-v-cac54184 data-v-58bdfc01><span data-v-cac54184>Sign up</span></a></div></div></div></div><div class="brand-primary-header__desktop" data-v-62a7ff71><div class="brand-primary-header__main-row brand-primary-header__width-restrictor" data-v-62a7ff71><div class="brand-primary-header__logo-container" data-v-62a7ff71><div class="brand-logo" data-v-cac54184 data-v-94938a6d><a class="brand-logo__wordmark" href="https://snyk.io" aria-label="Snyk Logo" data-v-94938a6d><svg class="snyk-logo snyk-logo--color-colorDark snyk-logo--default brand-logo__snyk-logo" xmlns="http://www.w3.org/2000/svg" x="0" y="0" width="337.9" height="160.52" viewbox="0 0 337.9 160.52" data-v-94938a6d data-v-a35fa28b><path fill="var(--c-fg)" d="M304.87 89.32h-1.29v22.29h-16v-55.5l16-25.02v51.78c3.19-3.9 13.92-18.72 13.92-18.72h19.76l-18.73 19.82 19.38 27.67H317.7l-12.83-22.32zm-44.6-3.64 6.56-21.38h15.85l-18.58 47.15c-5.54 14.18-13.46 23.77-25.3 23.77-4.55 0-8.38-1.18-10.39-2.31l6.37-9.86c.95.11 1.93.15 2.92.15 5.46 0 9.56-5.31 12.21-11.6l-19.49-47.3h17.94l7.02 21.11c1.37 4.02 2.35 11.67 2.35 11.67s1.25-7.38 2.54-11.4zm-48.36-1.1c0-6.18-2.73-9.1-7.93-9.1-2.54 0-5.2.72-7.02 1.82v34.3h-16V64.76l15.66-1.29-.38 7.66h.53c3.38-4.55 9.1-8 15.93-8 8.19 0 15.28 5.08 15.28 17.09v31.39H211.9V84.58zm-76.75 24.6 1.44-10.92c5.01 2.46 10.66 3.64 15.4 3.64 3.45 0 5.73-1.18 5.73-3.26 0-5.99-21.58-4.55-21.58-20.2 0-10.01 9.18-15.28 20.67-15.28 5.73 0 11.64 1.55 15.47 2.92l-1.55 10.73c-4.02-1.55-9.48-2.99-14.03-2.99-2.81 0-5.08.99-5.08 2.8 0 5.91 22.03 4.74 22.03 20.01 0 10.16-9.03 16-21.39 16-6.84 0-12.37-1.17-17.11-3.45z" data-v-a35fa28b></path><g data-v-a35fa28b><path fill="var(--c-fg)" d="M87.16 38.32C84.93 31.66 78.45 18.91 67.69.01l-5.31 35.34a212.768 212.768 0 0 0-23.33 0L33.74 0S19.15 27.18 14.76 38.22C5.19 40.05 0 41.97 0 41.97v82.95l50.68 35.54 50.68-35.55V41.96c-.01 0-4.98-1.85-14.2-3.64z" data-v-a35fa28b></path><path fill="#dbdbdb" d="M50.68 155.47 3.24 122.33V45.29s17.74-6.43 47.44-6.43v116.61z" data-v-a35fa28b></path><path fill="#c6c6c6" d="M50.74 38.86h-.07V155.4l47.06-33.04V45.29s-17.29-6.43-46.99-6.43z" data-v-a35fa28b></path><path fill="#3b3b63" d="m76.35 137.34-3.99-34.8h-22v53.01l.32.3c8.55-5.86 17.11-12.03 25.67-18.51z" data-v-a35fa28b></path><path fill="#53537a" d="m25.03 137.61 25.65 18.23v-54.35h-22.2l-3.45 36.12z" data-v-a35fa28b></path><path fill="#bc9375" d="M61.66 127.31c0 5.97-5.67 8.94-10.87 8.94s-10.94-2.97-10.94-8.94" data-v-a35fa28b></path><path fill="var(--c-fg)" d="M50.73 130.41c-4.17 0-6.19-3.02-6.19-9.22h1.98c0 7.27 2.85 7.27 4.21 7.27 1.37 0 4.21 0 4.21-7.27h1.99c.01 6.2-2.02 9.22-6.2 9.22z" data-v-a35fa28b></path><path fill="#c49a7e" d="M50.68 122.69a7.322 7.322 0 0 0 7.45 4.99 9.41 9.41 0 0 0 9.07-6.48c2.4-6.46 2.37-15.45 2.37-15.45S80.2 92.62 80.2 88.24H50.66l.02 34.45z" data-v-a35fa28b></path><path fill="#d8b7a0" d="M20.74 88.22c0 5.13 10.54 17.51 10.54 17.51s0 8.98 2.36 15.45a9.4 9.4 0 0 0 9.08 6.48c3.43.15 6.6-1.83 7.96-4.99V88.22H20.74z" data-v-a35fa28b></path><path fill="#3b3b63" d="M78.93 58.71c-8.2-8.27-10.24-25.52-10.24-25.52-1.53 5.47-4.86 21.46-4.86 21.46-4.36-1.3-8.86-2.01-13.41-2.11-.23 0-.23 21.6 0 64.79l6.57-4.72 1.27-22.87 7.05 7.92 9.09 2.62 3.39-2.37c.98-1.4 1.75-2.93 2.28-4.56 1.27-3.17-1.56-27.68-1.56-27.68-1.01-2.05.42-6.96.42-6.96z" data-v-a35fa28b></path><path fill="#53537a" d="M37.7 54.65s-3.28-16.03-4.85-21.47c0 0-2.05 17.26-10.24 25.53 0 0 1.43 4.9.43 6.98 0 0-2.83 24.48-1.58 27.68.53 1.63 1.29 3.17 2.28 4.57l3.39 2.37 9.08-2.62 7.05-7.96 1.24 22.88 6.19 4.59V52.46c-4.42.06-8.8.8-12.99 2.19z" data-v-a35fa28b></path><path fill="#333152" d="M73.2 17.19c1.36 2.52 13.04 25.56 13.04 33.55l-5.19 13.91c.88 7.85 2.63 24.9 1.3 28.22-.81 2.06-3.91 6.3-6.57 9.73l3.62 32.58-4.9 3.47-2.71-23.8c-.36 2.48-.96 4.94-1.79 7.31-1.01 2.89-3.04 5.3-5.71 6.76-.14 7.35-7.03 11.32-13.5 11.32s-13.47-3.96-13.62-11.3a12.35 12.35 0 0 1-5.72-6.77c-.8-2.29-1.39-4.63-1.75-7.03l-2.6 23.95-4.94-3.53 3.56-32.83c-2.67-3.45-5.83-7.75-6.65-9.85-1.31-3.28.36-20.38 1.25-28.22l-5.47-14.39v-.47c0-7.99 12.04-30.1 13.35-32.6l3.88-7c2.36 16.23 3.55 24.36 3.55 24.37l1.92 13.13 2.51 4.07c3.45-1.18 7.05-1.83 10.68-1.92 3.65.09 7.27.73 10.72 1.92l2.51-4.07 5.47-37.52 3.76 7.01zM50.8 135.02c2.87 0 6.95-1.28 7.97-4.67h-.32c-.54 0-1.06-.04-1.59-.12a7.164 7.164 0 0 1-6.13 2.64 7.13 7.13 0 0 1-6.11-2.63c-.53.09-1.06.13-1.6.13h-.32c1.04 3.37 5.19 4.65 8.1 4.65zm-3.36-5.57a5.835 5.835 0 0 0 6.57 0c-.68-.3-1.31-.67-1.92-1.09-.45.12-.92.16-1.38.14-.47.01-.93-.03-1.39-.14-.59.42-1.21.79-1.88 1.09zm20.37-25.27c3.58-4.31 8.83-11.25 9.61-13.2.54-1.99-.42-15.25-1.65-26.41l-.07-.61 1.09-2.76c-3.43-3.6-5.82-8.54-7.45-13.19l-.22 1.46-5.41 8.75-2.18-.84c-3.45-1.37-7.1-2.15-10.81-2.3-3.69.14-7.33.92-10.76 2.3l-2.11.89-5.47-8.75-.16-1.09c-1.65 4.61-4.05 9.45-7.46 12.98l1 2.63-.07.62c-1.26 11.11-2.25 24.37-1.65 26.42.6 2.05 6.05 8.84 9.58 13.13l.59.72v.92c0 .09 0 8.61 2.19 14.54a6.787 6.787 0 0 0 6.57 4.77c2.25-.08 4.28-1.4 5.25-3.44.85-1.65 1.28-4.38 1.28-8.15h2.19c-.04 2.79.43 5.56 1.37 8.17a6.146 6.146 0 0 0 5.31 3.41c3 .04 5.67-1.89 6.57-4.76 2.19-5.95 2.19-14.47 2.19-14.55v-.92l.68-.74z" data-v-a35fa28b></path><path fill="#333152" d="M67.22 80.99H56.61v.11a6.966 6.966 0 0 0 7.24 6.69c3.63-.14 6.54-3.05 6.69-6.69v-.11h-3.32zM41.61 80.99H30.99v.11a6.966 6.966 0 0 0 7.24 6.69c3.63-.14 6.54-3.05 6.69-6.69v-.11h-3.31z" data-v-a35fa28b></path><path fill="var(--c-fg)" d="M38.85 80.99c.58 0 .92 1.01.81 1.71-.1.77-.68 1.38-1.43 1.52a1.78 1.78 0 0 1-2.07-1.42c.54.01 1.01-.37 1.09-.91.04-.34-.08-.9-.32-.9h-3.28v.11c.12 2.2 1.99 3.88 4.18 3.76h.01c2.04-.11 3.67-1.73 3.76-3.76v-.11h-2.75z" data-v-a35fa28b></path><path fill="#c49a7e" d="M66.41 77.89c.45-.48 4.23-4.71-.83-4.71-4.56 0-7.86 3.63-8.75 4.71h9.58z" data-v-a35fa28b></path><path fill="#d8b7a0" d="M44.59 77.89c-.86-1.09-4.16-4.71-8.75-4.71-5.06 0-1.27 4.22-.83 4.71h9.58zM20.28 49.36c.3-4.15 4.68-14.07 8.86-22.43l1.09 7.66c-.43 2.85-2.35 14.06-7.56 21.13l-2.39-6.36z" data-v-a35fa28b></path><path fill="#c49a7e" d="m71.32 33.93 1.02-7.05c4.18 8.36 8.57 18.29 8.86 22.43l-2.34 6.22c-5.63-7.74-7.4-20.39-7.54-21.6z" data-v-a35fa28b></path><path fill="#333152" d="M46.84 118.2c-1.96-1.47-3.97-3.28-3.97-4.74 0-.93 1.67-3.8 1.67-3.8h12.44s1.63 2.54 1.63 3.8-2.02 3.12-4.06 4.59c-.69-1.17-1.56-1.37-1.97-.45-.22.6-.26 1.25-.15 1.88-1.09.7-1.9 1.09-1.9 1.09s-.62-.35-1.52-.93c.15-.7.12-1.42-.11-2.1-.42-.94-1.3-.71-2 .49l-.06.17z" data-v-a35fa28b></path><path fill="var(--c-fg)" d="M64.6 80.99c.51.11.8 1.02.71 1.67-.14.95-1.04 1.61-1.99 1.47-.72-.09-1.31-.62-1.47-1.34.54.01 1.01-.37 1.09-.91.05-.34-.08-.9-.31-.9h-3.38v.11c0 2.2 1.79 3.98 3.99 3.98s3.98-1.78 3.98-3.98v-.11H64.6z" data-v-a35fa28b></path></g></svg></a><a href="/" class="brand-logo__sub-brand" data-v-94938a6d>Learn</a></div></div><nav class="brand-primary-header__navigation" data-v-62a7ff71><ul class="brand-primary-header__navigation-list" data-v-62a7ff71><li class="brand-disclosure-nav" data-snyk-test="LearnNav" data-v-cac54184 data-v-7001639a><span class="brand-button brand-button--tertiary brand-button--right-icon brand-disclosure-nav-button brand-disclosure-nav__handle" role="button" tabindex="0" data-v-7001639a data-v-8e91682e data-v-58bdfc01>Browse topics<span class="brand-button__icon brand-button__icon--right" data-v-58bdfc01><svg class="brand-icon brand-icon--chevron-down brand-disclosure-nav-button__collapse-state-icon" width="16" height="16" viewbox="0 0 24 24" aria-hidden="true" data-v-8e91682e data-v-dfb85cff><path d="M7.41,8.58L12,13.17L16.59,8.58L18,10L12,16L6,10L7.41,8.58Z" data-v-dfb85cff></path></svg></span></span><div class="brand-disclosure-nav__attachment-point" data-v-7001639a><div class="brand-disclosure-nav-contents brand-disclosure-nav__dropdown" data-snyk-test="BrandDisclosureNav: Contents" data-v-7001639a data-v-625b976b><div class="brand-disclosure-nav-contents__pointer" data-v-625b976b></div><div class="brand-disclosure-nav-contents__content" data-v-625b976b><div class="brand-disclosure-nav__nav-lists" data-v-7001639a><div class="brand-header-nav-item-list" data-v-cac54184 data-v-eabc5cee><div class="brand-header-nav-item-list__title" data-v-eabc5cee>By type</div><ul class="brand-header-nav-item-list__nav-items" data-v-eabc5cee><li data-v-eabc5cee><a class="brand-nav-link" href="/catalog/security-education" type="link" data-v-eabc5cee data-v-467c14e7><div class="brand-nav-link__text" data-v-467c14e7><div class="brand-nav-link__title" data-v-467c14e7>Security education</div></div></a></li><li data-v-eabc5cee><a class="brand-nav-link" href="/catalog/product-training" type="link" data-v-eabc5cee data-v-467c14e7><div class="brand-nav-link__text" data-v-467c14e7><div class="brand-nav-link__title" data-v-467c14e7>Product training</div></div></a></li></ul></div><div class="brand-header-nav-item-list" data-v-cac54184 data-v-eabc5cee><div class="brand-header-nav-item-list__title" data-v-eabc5cee>By format</div><ul class="brand-header-nav-item-list__nav-items" data-v-eabc5cee><li data-v-eabc5cee><a class="brand-nav-link" href="/catalog/?format=lesson" type="link" data-v-eabc5cee data-v-467c14e7><div class="brand-nav-link__text" data-v-467c14e7><div class="brand-nav-link__title" data-v-467c14e7>Lesson</div></div></a></li><li data-v-eabc5cee><a class="brand-nav-link" href="/catalog/?format=learning_path" type="link" data-v-eabc5cee data-v-467c14e7><div class="brand-nav-link__text" data-v-467c14e7><div class="brand-nav-link__title" data-v-467c14e7>Learning path</div></div></a></li></ul></div></div><div class="brand-disclosure-nav-contents__cta" data-v-625b976b><a class="brand-button brand-button--tertiary brand-nav-cta-button" role="button" href="/catalog/" data-v-cac54184 data-v-75be8e96 data-v-58bdfc01> View all <svg class="brand-icon brand-icon--arrow-right" width="24" height="24" viewbox="0 0 24 24" aria-hidden="true" color="blue" data-v-75be8e96 data-v-c3202642><path fill="currentColor" d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-c3202642></path></svg></a></div></div></div></div></li></ul></nav><div class="brand-primary-header__actions" data-v-62a7ff71><div style="display:none;" data-v-cac54184><div class="brand-disclosure-nav" data-snyk-test="TenantSelector" data-v-cac54184 data-v-7001639a><span class="brand-button brand-button--tertiary brand-button--right-icon brand-disclosure-nav-button brand-disclosure-nav__handle" role="button" tabindex="0" data-v-7001639a data-v-8e91682e data-v-58bdfc01>Login<span class="brand-button__icon brand-button__icon--right" data-v-58bdfc01><svg class="brand-icon brand-icon--chevron-down brand-disclosure-nav-button__collapse-state-icon" width="16" height="16" viewbox="0 0 24 24" aria-hidden="true" data-v-8e91682e data-v-dfb85cff><path d="M7.41,8.58L12,13.17L16.59,8.58L18,10L12,16L6,10L7.41,8.58Z" data-v-dfb85cff></path></svg></span></span><div class="brand-disclosure-nav__attachment-point" data-v-7001639a><div class="brand-disclosure-nav-contents brand-disclosure-nav-contents--right brand-disclosure-nav__dropdown brand-disclosure-nav__dropdown--right" data-snyk-test="BrandDisclosureNav: Contents" data-v-7001639a data-v-625b976b><div class="brand-disclosure-nav-contents__pointer" data-v-625b976b></div><div class="brand-disclosure-nav-contents__content" data-v-625b976b><div class="brand-disclosure-nav__nav-lists" data-v-7001639a><div class="tenant-selector__wrapper" data-v-409070e7><p class="tenant-selector__title" data-v-409070e7>SNYK LEARN LOGIN</p><ul class="tenant-selector__menu" data-v-409070e7><li data-v-409070e7><a class="brand-button brand-button--tertiary brand-nav-cta-button tenant-selector__menu-item" role="link" title="Snyk (recommended)" href="https://api.snyk.io/v1/learn/auth?cta=login&page=learn-homepage&loc=nav&learn_redirect_path=%2Fuser%2Flearning-progress" data-v-409070e7 data-v-75be8e96 data-v-58bdfc01><span class="tenant-selector__menu-item__text" data-v-409070e7>🌍 Snyk (recommended)</span><svg class="brand-icon brand-icon--arrow-right" width="24" height="24" viewbox="0 0 24 24" aria-hidden="true" color="blue" data-v-75be8e96 data-v-c3202642><path fill="currentColor" d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-c3202642></path></svg></a></li></ul><p class="tenant-selector__title" data-v-409070e7>OTHER REGIONS</p><p class="tenant-selector__sub-title" data-v-409070e7> For Snyk Enterprise customers with regional contracts. <a title="regional hosting contracts" href="https://docs.snyk.io/working-with-snyk/regional-hosting-and-data-residency" data-v-409070e7> More info </a></p><ul class="tenant-selector__menu" data-v-409070e7><li data-v-409070e7><a class="brand-button brand-button--tertiary brand-nav-cta-button tenant-selector__menu-item" role="link" title="Snyk EU" href="https://api.eu.snyk.io/v1/learn/auth?cta=login&page=learn-homepage&loc=nav&learn_redirect_path=%2Fuser%2Flearning-progress" data-v-409070e7 data-v-75be8e96 data-v-58bdfc01><span class="tenant-selector__menu-item__text" data-v-409070e7>🇪🇺 Snyk EU</span><svg class="brand-icon brand-icon--arrow-right" width="24" height="24" viewbox="0 0 24 24" aria-hidden="true" color="blue" data-v-75be8e96 data-v-c3202642><path fill="currentColor" d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-c3202642></path></svg></a></li><li data-v-409070e7><a class="brand-button brand-button--tertiary brand-nav-cta-button tenant-selector__menu-item" role="link" title="Snyk AUS" href="https://api.au.snyk.io/v1/learn/auth?cta=login&page=learn-homepage&loc=nav&learn_redirect_path=%2Fuser%2Flearning-progress" data-v-409070e7 data-v-75be8e96 data-v-58bdfc01><span class="tenant-selector__menu-item__text" data-v-409070e7>🇦🇺 Snyk AUS</span><svg class="brand-icon brand-icon--arrow-right" width="24" height="24" viewbox="0 0 24 24" aria-hidden="true" color="blue" data-v-75be8e96 data-v-c3202642><path fill="currentColor" d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-c3202642></path></svg></a></li><li data-v-409070e7><a class="brand-button brand-button--tertiary brand-nav-cta-button tenant-selector__menu-item" role="link" title="Snyk US" href="https://api.us.snyk.io/v1/learn/auth?cta=login&page=learn-homepage&loc=nav&learn_redirect_path=%2Fuser%2Flearning-progress" data-v-409070e7 data-v-75be8e96 data-v-58bdfc01><span class="tenant-selector__menu-item__text" data-v-409070e7>🇺🇸 Snyk US</span><svg class="brand-icon brand-icon--arrow-right" width="24" height="24" viewbox="0 0 24 24" aria-hidden="true" color="blue" data-v-75be8e96 data-v-c3202642><path fill="currentColor" d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-c3202642></path></svg></a></li></ul></div></div></div></div></div></div></div><div style="display:none;" data-v-cac54184><a class="brand-button brand-button--primary" role="button" href="https://api.snyk.io/v1/learn/auth?cta=signup&page=learn-homepage&loc=nav&learn_redirect_path=%2Fuser%2Flearning-progress" data-v-cac54184 data-v-58bdfc01><span data-v-cac54184>Sign up</span></a></div></div></div></div></header></div><div class="content" data-v-17e5ae28><main data-v-17e5ae28 data-v-9590d597><section class="hero" data-v-9590d597 data-v-739057c8><div class="hero__wrapper" data-v-739057c8><h1 class="title" data-v-739057c8>Developer security training from Snyk</h1><h2 class="subtitle" data-v-739057c8> Snyk Learn teaches developers how to stay secure with interactive lessons exploring vulnerabilities across a variety of languages and ecosystems. </h2><a class="learnButton button button--primary button--medium" isfullwidth="false" href="/catalog/" data-v-739057c8 data-v-fc682313 data-v-2420650a> Start learning </a></div></section><div class="max-page-width" data-v-9590d597><div class="education-journey" data-v-9590d597 data-v-3fe966cb><h2 data-v-3fe966cb>Be in control of your own security<br data-v-3fe966cb>education journey</h2><div class="education-journey__content" data-v-3fe966cb><div class="description" data-v-3fe966cb><section data-v-3fe966cb><h3 data-v-3fe966cb>Learn from experts for free</h3><span data-v-3fe966cb> An intuitive learning tool that empowers developers to learn security from industry experts for free. </span></section><section data-v-3fe966cb><h3 data-v-3fe966cb>Learn when it’s relevant</h3><span data-v-3fe966cb> Bite-sized, instant learning content, curated to help you find and focus on just what you need when you need it. </span></section><section data-v-3fe966cb><h3 data-v-3fe966cb>Learn on your own code</h3><span data-v-3fe966cb> Learn about security based on issues found in your own code, so you can understand, fix, and avoid vulnerabilities. </span></section></div><img alt="Snyk Learn education journey" src="https://res.cloudinary.com/snyk/image/upload/v1699638399/illustration-ui-spot-snyk-learn-sql-injection.svg" loading="lazy" data-v-3fe966cb></div></div><div class="product-training" data-v-9590d597 data-v-fcfd2371><h2 data-v-fcfd2371> Accelerate your Snyk knowledge<br data-v-fcfd2371> with in-depth training </h2><div class="product-training__content" data-v-fcfd2371><img alt="Snyk Learn product training" src="https://res.cloudinary.com/snyk/image/upload/v1699638399/illustration-ui-spot-snyk-learn-integrating-snyk.svg" loading="lazy" data-v-fcfd2371><div class="description" data-v-fcfd2371><section data-v-fcfd2371><h3 data-v-fcfd2371>Onboard faster</h3><span data-v-fcfd2371> Learn best practices from product experts to accelerate your Snyk implementation and increase your ROI. </span></section><section data-v-fcfd2371><h3 data-v-fcfd2371>Increase developer productivity</h3><span data-v-fcfd2371> Empower devs with lessons on integrations, workflows, and rollout to improve adoption across the engineering organization. </span></section><section data-v-fcfd2371><h3 data-v-fcfd2371>Reduce risk</h3><span data-v-fcfd2371> Build and manage a successful application security platform with advice from industry experts. </span></section></div></div></div><div class="security-education-banner" data-v-9590d597 data-v-dfbc9cb2><img alt="Snyk Mascot" src="https://res.cloudinary.com/snyk/image/upload/v1655284975/snyk-learn/homepage/patchCloudImage.svg" class="patchImage" width="220" height="160" loading="lazy" data-v-dfbc9cb2><div class="security-education-banner__caption" data-v-dfbc9cb2><h2 data-v-dfbc9cb2> Free security education<br data-v-dfbc9cb2> designed for developers </h2><ul data-v-dfbc9cb2><li data-v-dfbc9cb2>Engaging and actionable developer security education</li><li data-v-dfbc9cb2>Aligned to the NIST NICE Workforce Framework for Cybersecurity</li><li data-v-dfbc9cb2>Integrated with the Snyk Platform for just-in-time learning</li></ul><a class="learnButton button button--primary button--medium" isfullwidth="false" href="https://api.snyk.io/v1/learn/auth?cta=signup&page=learn-homepage&loc=banner&learn_redirect_path=%2Fuser%2Flearning-progress" target="_self" data-v-dfbc9cb2 data-v-fc682313 data-v-2420650a>Sign up for free</a></div></div><div data-v-9590d597 data-v-8597f1f6><h2 class="latest-lessons__title" data-v-8597f1f6>Latest Lessons</h2><div data-v-8597f1f6><section class="latest-lessons__cards" data-snyk-test="LessonListing" data-v-8597f1f6><a href="/lesson/immature-software/" class="" aria-label="Immature software" data-v-8597f1f6><div class="card" data-v-680ad9e6><div class="card__hero" data-v-680ad9e6><img class="card__hero__image" width="344" height="157" alt="python Immature software" src="https://images.ctfassets.net/4un77bcsnjzw/5UdnfVbcgSMXHdqPcWm02i/4dc6c7b87d21b2619bfb28c4a2227462/OSS-8.svg" data-v-680ad9e6><span class="badge badge--info badge--large card__hero__pill" data-v-680ad9e6 data-v-1920d3cd>NEW</span></div><div class="card__content" data-v-680ad9e6><h2 class="heading heading--2 card__title" data-v-680ad9e6 data-v-27327998>Immature software</h2><div class="card__description" data-v-680ad9e6>Learn about immature software in open-source projects, its associated risks, and how to mitigate issues with best practices and thorough evaluation.</div><div class="card__icon" data-v-680ad9e6><svg class="icon icon--language-javascript tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="javascript" aria-describedby="tooltip-EhGUVP" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-00dfaa56><path d="M3,3H21V21H3V3M7.73,18.04C8.13,18.89 8.92,19.59 10.27,19.59C11.77,19.59 12.8,18.79 12.8,17.04V11.26H11.1V17C11.1,17.86 10.75,18.08 10.2,18.08C9.62,18.08 9.38,17.68 9.11,17.21L7.73,18.04M13.71,17.86C14.21,18.84 15.22,19.59 16.8,19.59C18.4,19.59 19.6,18.76 19.6,17.23C19.6,15.82 18.79,15.19 17.35,14.57L16.93,14.39C16.2,14.08 15.89,13.87 15.89,13.37C15.89,12.96 16.2,12.64 16.7,12.64C17.18,12.64 17.5,12.85 17.79,13.37L19.1,12.5C18.55,11.54 17.77,11.17 16.7,11.17C15.19,11.17 14.22,12.13 14.22,13.4C14.22,14.78 15.03,15.43 16.25,15.95L16.67,16.13C17.45,16.47 17.91,16.68 17.91,17.26C17.91,17.74 17.46,18.09 16.76,18.09C15.93,18.09 15.45,17.66 15.09,17.06L13.71,17.86Z" data-v-00dfaa56></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-EhGUVP" role="tooltip" data-v-a626e57c data-v-bd634d53>JavaScript</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg width="26" height="26" class="icon icon--java-duke tooltip-trigger" viewbox="0 0 10 18" role="img" aria-label="java" aria-describedby="tooltip-WX7B01" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-4e6d9ae3><g clip-path="url(#clip0_1615_1567)" data-v-4e6d9ae3><path fill-rule="evenodd" clip-rule="evenodd" d="M2.16255 1.9227C2.5354 2.70207 2.28365 8.14492 1.84707 10.0536C1.41049 11.9654 0.973908 14.3958 0.871933 16.4412C0.827319 17.3128 0.961161 17.6564 1.53158 17.6564C2.53858 17.6564 3.81646 15.5378 5.41937 15.5855C7.02548 15.6332 7.53535 18.0159 8.28742 17.9999C9.03948 17.984 9.64496 17.7232 9.65133 15.4042C9.67364 8.48207 3.86107 2.87062 2.16255 1.9227Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M7.20386 7.45463C7.55759 8.0495 8.45943 7.59142 8.49767 6.92021C8.53591 6.249 8.43712 5.40283 8.00054 5.37102C7.56396 5.33921 7.25166 4.9034 6.81508 4.87159C6.3785 4.83977 5.91006 5.27558 5.70611 4.69663C5.50216 4.11767 6.25422 3.87272 6.81508 3.78047C6.31477 3.28104 6.02159 2.72753 5.80171 2.15175C5.58182 1.57597 5.4193 1.04791 6.03434 0.822053C6.64937 0.596195 6.59839 1.75729 7.30265 2.28854C7.09551 1.50599 7.01903 1.18152 7.03497 0.72662C7.0509 0.271724 7.01903 -0.0750154 7.66594 0.0140552C8.31284 0.103126 8.03241 1.44555 8.53591 1.9927C8.68887 1.47418 8.78129 0.815691 9.15095 0.545298C9.52061 0.274905 10.3619 0.268543 9.82653 1.37874C9.29116 2.48895 9.98268 3.09017 9.82016 3.96497C9.65763 4.83977 9.15413 4.68072 8.93744 5.24377C8.72074 5.80683 9.0649 7.08881 8.65701 7.66459C8.24911 8.24036 8.17581 9.12471 8.44031 9.83091C7.6277 9.07381 7.20386 7.45463 7.20386 7.45463Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M2.1402 8.20218C1.81197 10.448 0.671126 10.7152 0.613766 11.6473C0.556405 12.5794 0.916503 12.6684 0.894196 13.5305C0.871889 14.3926 0.103891 14.7425 0.0114765 15.2101C-0.0809383 15.6778 0.406629 15.8273 0.690247 15.8273C0.973864 15.8273 1.25748 14.5866 1.3722 13.7977C1.48693 13.0088 0.996171 12.5444 0.996171 12.0036C0.996171 11.4628 1.70681 10.4735 1.57615 11.3419C2.1657 10.413 2.44617 9.22963 2.1402 8.20218Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M2.58 9.05785C2.33144 10.273 0.779509 17.0583 1.56981 17.1442C2.36012 17.2301 3.48503 15.0447 5.32695 15.0606C7.17206 15.0765 7.89863 17.51 8.34796 17.4941C8.79728 17.4782 9.09365 17.6532 9.14145 14.9111C9.18925 12.169 7.51304 8.66658 6.52197 7.12375C5.17713 7.20964 3.73036 8.28489 2.58 9.05785Z" fill="white" data-v-4e6d9ae3></path><path d="M6.50979 7.57865C6.43623 6.81894 5.87213 6.34209 5.14238 6.22549C4.43758 6.11287 3.67029 6.44631 3.17688 6.93885C2.62195 7.49281 2.59978 8.26334 2.98833 8.91966C3.37167 9.56723 4.22084 9.78125 4.91643 9.61928C5.86828 9.39771 6.57166 8.56669 6.50979 7.57865Z" fill="black" data-v-4e6d9ae3></path><path d="M6.1592 7.86176C6.09312 8.55219 5.54191 9.1069 4.87814 9.26781C4.17574 9.43808 3.40017 9.16809 3.14776 8.44709C3.01887 8.07896 3.04286 7.70134 3.26447 7.37797C3.45138 7.10533 3.75279 6.89197 4.05137 6.75651C4.66764 6.47702 5.54877 6.44596 5.97805 7.06919C6.1407 7.30538 6.16916 7.58342 6.1592 7.86176Z" fill="url(#paint0_radial_1615_1567)" stroke="black" data-v-4e6d9ae3></path></g><defs data-v-4e6d9ae3><radialGradient id="paint0_radial_1615_1567" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(3.83413 7.38143) scale(2.4217 2.41743)" data-v-4e6d9ae3><stop stop-color="white" data-v-4e6d9ae3></stop><stop offset="0.0604" stop-color="#FBC8B4" data-v-4e6d9ae3></stop><stop offset="0.0712" stop-color="#FBC3B0" data-v-4e6d9ae3></stop><stop offset="0.1829" stop-color="#F7978B" data-v-4e6d9ae3></stop><stop offset="0.2995" stop-color="#F4716B" data-v-4e6d9ae3></stop><stop offset="0.4199" stop-color="#F15251" data-v-4e6d9ae3></stop><stop offset="0.5453" stop-color="#EF3A3D" data-v-4e6d9ae3></stop><stop offset="0.6778" stop-color="#EE292F" data-v-4e6d9ae3></stop><stop offset="0.822" stop-color="#ED1F27" data-v-4e6d9ae3></stop><stop offset="1" stop-color="#ED1C24" data-v-4e6d9ae3></stop></radialGradient><clipPath id="clip0_1615_1567" data-v-4e6d9ae3><rect width="10" height="18" fill="white" data-v-4e6d9ae3></rect></clipPath></defs></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-WX7B01" role="tooltip" data-v-a626e57c data-v-bd634d53>Java</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-python tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="python" aria-describedby="tooltip-tDXdWP" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-9555a819><path d="M19.14,7.5A2.86,2.86 0 0,1 22,10.36V14.14A2.86,2.86 0 0,1 19.14,17H12C12,17.39 12.32,17.96 12.71,17.96H17V19.64A2.86,2.86 0 0,1 14.14,22.5H9.86A2.86,2.86 0 0,1 7,19.64V15.89C7,14.31 8.28,13.04 9.86,13.04H15.11C16.69,13.04 17.96,11.76 17.96,10.18V7.5H19.14M14.86,19.29C14.46,19.29 14.14,19.59 14.14,20.18C14.14,20.77 14.46,20.89 14.86,20.89A0.71,0.71 0 0,0 15.57,20.18C15.57,19.59 15.25,19.29 14.86,19.29M4.86,17.5C3.28,17.5 2,16.22 2,14.64V10.86C2,9.28 3.28,8 4.86,8H12C12,7.61 11.68,7.04 11.29,7.04H7V5.36C7,3.78 8.28,2.5 9.86,2.5H14.14C15.72,2.5 17,3.78 17,5.36V9.11C17,10.69 15.72,11.96 14.14,11.96H8.89C7.31,11.96 6.04,13.24 6.04,14.82V17.5H4.86M9.14,5.71C9.54,5.71 9.86,5.41 9.86,4.82C9.86,4.23 9.54,4.11 9.14,4.11C8.75,4.11 8.43,4.23 8.43,4.82C8.43,5.41 8.75,5.71 9.14,5.71Z" data-v-9555a819></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-tDXdWP" role="tooltip" data-v-a626e57c data-v-bd634d53>Python</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-csharp tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="csharp" aria-describedby="tooltip-ACdnb1" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-d00433c2><path d="M11.5,15.97L11.91,18.41C11.65,18.55 11.23,18.68 10.67,18.8C10.1,18.93 9.43,19 8.66,19C6.45,18.96 4.79,18.3 3.68,17.04C2.56,15.77 2,14.16 2,12.21C2.05,9.9 2.72,8.13 4,6.89C5.32,5.64 6.96,5 8.94,5C9.69,5 10.34,5.07 10.88,5.19C11.42,5.31 11.82,5.44 12.08,5.59L11.5,8.08L10.44,7.74C10.04,7.64 9.58,7.59 9.05,7.59C7.89,7.58 6.93,7.95 6.18,8.69C5.42,9.42 5.03,10.54 5,12.03C5,13.39 5.37,14.45 6.08,15.23C6.79,16 7.79,16.4 9.07,16.41L10.4,16.29C10.83,16.21 11.19,16.1 11.5,15.97M13.89,19L14.5,15H13L13.34,13H14.84L15.16,11H13.66L14,9H15.5L16.11,5H18.11L17.5,9H18.5L19.11,5H21.11L20.5,9H22L21.66,11H20.16L19.84,13H21.34L21,15H19.5L18.89,19H16.89L17.5,15H16.5L15.89,19H13.89M16.84,13H17.84L18.16,11H17.16L16.84,13Z" data-v-d00433c2></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-ACdnb1" role="tooltip" data-v-a626e57c data-v-bd634d53>C#</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-go tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="golang" aria-describedby="tooltip-q1NGR9" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-82c7e7a6><path d="M2.64,10.33L2.62,10.27L2.84,10L2.96,9.92H6.8L6.83,10L6.65,10.26L6.54,10.32L2.64,10.33M1.03,11.31L1,11.26L1.22,10.97L1.34,10.91H6.24L6.29,11L6.21,11.24L6.11,11.31H1.03M3.63,12.3L3.59,12.24L3.75,11.96L3.85,11.9H6L6.07,11.97L6.05,12.22L5.97,12.3H3.63M14.78,10.14L13,10.61C12.81,10.65 12.8,10.66 12.66,10.5C12.5,10.32 12.39,10.21 12.16,10.1C11.5,9.76 10.83,9.86 10.22,10.25C9.5,10.73 9.11,11.42 9.12,12.3C9.13,13.16 9.72,13.87 10.57,14C11.3,14.09 11.91,13.83 12.4,13.28L12.69,12.89H10.62C10.4,12.89 10.35,12.75 10.42,12.57L10.97,11.39C11,11.33 11.08,11.22 11.24,11.22H14.68C14.83,10.72 15.09,10.26 15.43,9.81C16.21,8.78 17.16,8.24 18.43,8C19.5,7.82 20.56,7.93 21.5,8.57C22.34,9.15 22.87,9.93 23,10.96C23.19,12.41 22.76,13.59 21.76,14.61C21.05,15.33 20.18,15.78 19.19,16L18.33,16.08C17.35,16.06 16.46,15.78 15.71,15.13C15.19,14.68 14.83,14.14 14.65,13.5C14.5,13.74 14.38,13.97 14.21,14.2C13.44,15.22 12.43,15.85 11.15,16C10.1,16.16 9.12,15.95 8.26,15.31C7.47,14.71 7,13.91 6.9,12.92C6.76,11.75 7.1,10.7 7.81,9.78C8.57,8.78 9.58,8.15 10.82,7.92C11.82,7.74 12.79,7.86 13.66,8.44C14.23,8.82 14.63,9.34 14.9,9.96C14.94,10.05 14.9,10.11 14.78,10.14M20.89,11.74L20.86,11.38C20.67,10.32 19.69,9.72 18.67,9.95C17.66,10.17 17,10.8 16.79,11.81C16.6,12.65 17,13.5 17.77,13.84C18.36,14.1 18.96,14.06 19.53,13.78C20.37,13.35 20.84,12.66 20.89,11.74Z" data-v-82c7e7a6></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-q1NGR9" role="tooltip" data-v-a626e57c data-v-bd634d53>Go</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-php tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="php" aria-describedby="tooltip-A489wx" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-64b51343><path d="M12,18.08C5.37,18.08 0,15.36 0,12C0,8.64 5.37,5.92 12,5.92C18.63,5.92 24,8.64 24,12C24,15.36 18.63,18.08 12,18.08M6.81,10.13C7.35,10.13 7.72,10.23 7.9,10.44C8.08,10.64 8.12,11 8.03,11.47C7.93,12 7.74,12.34 7.45,12.56C7.17,12.78 6.74,12.89 6.16,12.89H5.29L5.82,10.13H6.81M3.31,15.68H4.75L5.09,13.93H6.32C6.86,13.93 7.3,13.87 7.65,13.76C8,13.64 8.32,13.45 8.61,13.18C8.85,12.96 9.04,12.72 9.19,12.45C9.34,12.19 9.45,11.89 9.5,11.57C9.66,10.79 9.55,10.18 9.17,9.75C8.78,9.31 8.18,9.1 7.35,9.1H4.59L3.31,15.68M10.56,7.35L9.28,13.93H10.7L11.44,10.16H12.58C12.94,10.16 13.18,10.22 13.29,10.34C13.4,10.46 13.42,10.68 13.36,11L12.79,13.93H14.24L14.83,10.86C14.96,10.24 14.86,9.79 14.56,9.5C14.26,9.23 13.71,9.1 12.91,9.1H11.64L12,7.35H10.56M18,10.13C18.55,10.13 18.91,10.23 19.09,10.44C19.27,10.64 19.31,11 19.22,11.47C19.12,12 18.93,12.34 18.65,12.56C18.36,12.78 17.93,12.89 17.35,12.89H16.5L17,10.13H18M14.5,15.68H15.94L16.28,13.93H17.5C18.05,13.93 18.5,13.87 18.85,13.76C19.2,13.64 19.5,13.45 19.8,13.18C20.04,12.96 20.24,12.72 20.38,12.45C20.53,12.19 20.64,11.89 20.7,11.57C20.85,10.79 20.74,10.18 20.36,9.75C20,9.31 19.37,9.1 18.54,9.1H15.79L14.5,15.68Z" data-v-64b51343></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-A489wx" role="tooltip" data-v-a626e57c data-v-bd634d53>PHP</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-cpp tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="cpp" aria-describedby="tooltip-LRdFzd" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-035ba3d8><path d="M10.5,15.97L10.91,18.41C10.65,18.55 10.23,18.68 9.67,18.8C9.1,18.93 8.43,19 7.66,19C5.45,18.96 3.79,18.3 2.68,17.04C1.56,15.77 1,14.16 1,12.21C1.05,9.9 1.72,8.13 3,6.89C4.32,5.64 5.96,5 7.94,5C8.69,5 9.34,5.07 9.88,5.19C10.42,5.31 10.82,5.44 11.08,5.59L10.5,8.08L9.44,7.74C9.04,7.64 8.58,7.59 8.05,7.59C6.89,7.58 5.93,7.95 5.18,8.69C4.42,9.42 4.03,10.54 4,12.03C4,13.39 4.37,14.45 5.08,15.23C5.79,16 6.79,16.4 8.07,16.41L9.4,16.29C9.83,16.21 10.19,16.1 10.5,15.97M11,11H13V9H15V11H17V13H15V15H13V13H11V11M18,11H20V9H22V11H24V13H22V15H20V13H18V11Z" data-v-035ba3d8></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-LRdFzd" role="tooltip" data-v-a626e57c data-v-bd634d53>C++</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div></div><div class="card__footer" data-test-id="card-footer" data-v-680ad9e6><button class="card__cta button button--default button--medium" icon-right type="button" data-v-680ad9e6 data-v-2420650a>Start learning <span class="button__icon button__icon--right" data-v-2420650a><svg class="icon icon--arrow-right" width="18" height="18" viewbox="0 0 24 24" aria-hidden="true" data-v-680ad9e6 data-v-4f6891af><path d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-4f6891af></path></svg></span></button><div class="progress" data-v-680ad9e6 data-v-11003b61><span id="progress-LAVCO0Kd1L" class="progress__text progress__text--with-margin" data-v-11003b61>0% Completed </span><div class="outer" role="progressbar" aria-labelledby="progress-LAVCO0Kd1L" data-v-11003b61><div class="inner" style="width:0px;" data-v-11003b61> </div></div></div></div></div></div></a><a href="/lesson/license-and-regulatory-risk/" class="" aria-label="License and Regulatory Risk" data-v-8597f1f6><div class="card" data-v-680ad9e6><div class="card__hero" data-v-680ad9e6><img class="card__hero__image" width="344" height="157" alt="python License and Regulatory Risk" src="https://images.ctfassets.net/4un77bcsnjzw/29Jxsj2gbiSiUD3e0QGNox/64094a20365785711a81a64f420d8756/OSS-7.svg" data-v-680ad9e6><span class="badge badge--info badge--large card__hero__pill" data-v-680ad9e6 data-v-1920d3cd>NEW</span></div><div class="card__content" data-v-680ad9e6><h2 class="heading heading--2 card__title" data-v-680ad9e6 data-v-27327998>License and Regulatory Risk</h2><div class="card__description" data-v-680ad9e6>Learn the importance of managing license and regulatory risk effectively. This includes understanding licensing terms, ensuring compliance, and more.</div><div class="card__icon" data-v-680ad9e6><svg class="icon icon--language-javascript tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="javascript" aria-describedby="tooltip-dioTfa" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-00dfaa56><path d="M3,3H21V21H3V3M7.73,18.04C8.13,18.89 8.92,19.59 10.27,19.59C11.77,19.59 12.8,18.79 12.8,17.04V11.26H11.1V17C11.1,17.86 10.75,18.08 10.2,18.08C9.62,18.08 9.38,17.68 9.11,17.21L7.73,18.04M13.71,17.86C14.21,18.84 15.22,19.59 16.8,19.59C18.4,19.59 19.6,18.76 19.6,17.23C19.6,15.82 18.79,15.19 17.35,14.57L16.93,14.39C16.2,14.08 15.89,13.87 15.89,13.37C15.89,12.96 16.2,12.64 16.7,12.64C17.18,12.64 17.5,12.85 17.79,13.37L19.1,12.5C18.55,11.54 17.77,11.17 16.7,11.17C15.19,11.17 14.22,12.13 14.22,13.4C14.22,14.78 15.03,15.43 16.25,15.95L16.67,16.13C17.45,16.47 17.91,16.68 17.91,17.26C17.91,17.74 17.46,18.09 16.76,18.09C15.93,18.09 15.45,17.66 15.09,17.06L13.71,17.86Z" data-v-00dfaa56></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-dioTfa" role="tooltip" data-v-a626e57c data-v-bd634d53>JavaScript</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg width="26" height="26" class="icon icon--java-duke tooltip-trigger" viewbox="0 0 10 18" role="img" aria-label="java" aria-describedby="tooltip-C3z7UU" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-4e6d9ae3><g clip-path="url(#clip0_1615_1567)" data-v-4e6d9ae3><path fill-rule="evenodd" clip-rule="evenodd" d="M2.16255 1.9227C2.5354 2.70207 2.28365 8.14492 1.84707 10.0536C1.41049 11.9654 0.973908 14.3958 0.871933 16.4412C0.827319 17.3128 0.961161 17.6564 1.53158 17.6564C2.53858 17.6564 3.81646 15.5378 5.41937 15.5855C7.02548 15.6332 7.53535 18.0159 8.28742 17.9999C9.03948 17.984 9.64496 17.7232 9.65133 15.4042C9.67364 8.48207 3.86107 2.87062 2.16255 1.9227Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M7.20386 7.45463C7.55759 8.0495 8.45943 7.59142 8.49767 6.92021C8.53591 6.249 8.43712 5.40283 8.00054 5.37102C7.56396 5.33921 7.25166 4.9034 6.81508 4.87159C6.3785 4.83977 5.91006 5.27558 5.70611 4.69663C5.50216 4.11767 6.25422 3.87272 6.81508 3.78047C6.31477 3.28104 6.02159 2.72753 5.80171 2.15175C5.58182 1.57597 5.4193 1.04791 6.03434 0.822053C6.64937 0.596195 6.59839 1.75729 7.30265 2.28854C7.09551 1.50599 7.01903 1.18152 7.03497 0.72662C7.0509 0.271724 7.01903 -0.0750154 7.66594 0.0140552C8.31284 0.103126 8.03241 1.44555 8.53591 1.9927C8.68887 1.47418 8.78129 0.815691 9.15095 0.545298C9.52061 0.274905 10.3619 0.268543 9.82653 1.37874C9.29116 2.48895 9.98268 3.09017 9.82016 3.96497C9.65763 4.83977 9.15413 4.68072 8.93744 5.24377C8.72074 5.80683 9.0649 7.08881 8.65701 7.66459C8.24911 8.24036 8.17581 9.12471 8.44031 9.83091C7.6277 9.07381 7.20386 7.45463 7.20386 7.45463Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M2.1402 8.20218C1.81197 10.448 0.671126 10.7152 0.613766 11.6473C0.556405 12.5794 0.916503 12.6684 0.894196 13.5305C0.871889 14.3926 0.103891 14.7425 0.0114765 15.2101C-0.0809383 15.6778 0.406629 15.8273 0.690247 15.8273C0.973864 15.8273 1.25748 14.5866 1.3722 13.7977C1.48693 13.0088 0.996171 12.5444 0.996171 12.0036C0.996171 11.4628 1.70681 10.4735 1.57615 11.3419C2.1657 10.413 2.44617 9.22963 2.1402 8.20218Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M2.58 9.05785C2.33144 10.273 0.779509 17.0583 1.56981 17.1442C2.36012 17.2301 3.48503 15.0447 5.32695 15.0606C7.17206 15.0765 7.89863 17.51 8.34796 17.4941C8.79728 17.4782 9.09365 17.6532 9.14145 14.9111C9.18925 12.169 7.51304 8.66658 6.52197 7.12375C5.17713 7.20964 3.73036 8.28489 2.58 9.05785Z" fill="white" data-v-4e6d9ae3></path><path d="M6.50979 7.57865C6.43623 6.81894 5.87213 6.34209 5.14238 6.22549C4.43758 6.11287 3.67029 6.44631 3.17688 6.93885C2.62195 7.49281 2.59978 8.26334 2.98833 8.91966C3.37167 9.56723 4.22084 9.78125 4.91643 9.61928C5.86828 9.39771 6.57166 8.56669 6.50979 7.57865Z" fill="black" data-v-4e6d9ae3></path><path d="M6.1592 7.86176C6.09312 8.55219 5.54191 9.1069 4.87814 9.26781C4.17574 9.43808 3.40017 9.16809 3.14776 8.44709C3.01887 8.07896 3.04286 7.70134 3.26447 7.37797C3.45138 7.10533 3.75279 6.89197 4.05137 6.75651C4.66764 6.47702 5.54877 6.44596 5.97805 7.06919C6.1407 7.30538 6.16916 7.58342 6.1592 7.86176Z" fill="url(#paint0_radial_1615_1567)" stroke="black" data-v-4e6d9ae3></path></g><defs data-v-4e6d9ae3><radialGradient id="paint0_radial_1615_1567" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(3.83413 7.38143) scale(2.4217 2.41743)" data-v-4e6d9ae3><stop stop-color="white" data-v-4e6d9ae3></stop><stop offset="0.0604" stop-color="#FBC8B4" data-v-4e6d9ae3></stop><stop offset="0.0712" stop-color="#FBC3B0" data-v-4e6d9ae3></stop><stop offset="0.1829" stop-color="#F7978B" data-v-4e6d9ae3></stop><stop offset="0.2995" stop-color="#F4716B" data-v-4e6d9ae3></stop><stop offset="0.4199" stop-color="#F15251" data-v-4e6d9ae3></stop><stop offset="0.5453" stop-color="#EF3A3D" data-v-4e6d9ae3></stop><stop offset="0.6778" stop-color="#EE292F" data-v-4e6d9ae3></stop><stop offset="0.822" stop-color="#ED1F27" data-v-4e6d9ae3></stop><stop offset="1" stop-color="#ED1C24" data-v-4e6d9ae3></stop></radialGradient><clipPath id="clip0_1615_1567" data-v-4e6d9ae3><rect width="10" height="18" fill="white" data-v-4e6d9ae3></rect></clipPath></defs></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-C3z7UU" role="tooltip" data-v-a626e57c data-v-bd634d53>Java</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-python tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="python" aria-describedby="tooltip-mCCMxX" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-9555a819><path d="M19.14,7.5A2.86,2.86 0 0,1 22,10.36V14.14A2.86,2.86 0 0,1 19.14,17H12C12,17.39 12.32,17.96 12.71,17.96H17V19.64A2.86,2.86 0 0,1 14.14,22.5H9.86A2.86,2.86 0 0,1 7,19.64V15.89C7,14.31 8.28,13.04 9.86,13.04H15.11C16.69,13.04 17.96,11.76 17.96,10.18V7.5H19.14M14.86,19.29C14.46,19.29 14.14,19.59 14.14,20.18C14.14,20.77 14.46,20.89 14.86,20.89A0.71,0.71 0 0,0 15.57,20.18C15.57,19.59 15.25,19.29 14.86,19.29M4.86,17.5C3.28,17.5 2,16.22 2,14.64V10.86C2,9.28 3.28,8 4.86,8H12C12,7.61 11.68,7.04 11.29,7.04H7V5.36C7,3.78 8.28,2.5 9.86,2.5H14.14C15.72,2.5 17,3.78 17,5.36V9.11C17,10.69 15.72,11.96 14.14,11.96H8.89C7.31,11.96 6.04,13.24 6.04,14.82V17.5H4.86M9.14,5.71C9.54,5.71 9.86,5.41 9.86,4.82C9.86,4.23 9.54,4.11 9.14,4.11C8.75,4.11 8.43,4.23 8.43,4.82C8.43,5.41 8.75,5.71 9.14,5.71Z" data-v-9555a819></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-mCCMxX" role="tooltip" data-v-a626e57c data-v-bd634d53>Python</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-csharp tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="csharp" aria-describedby="tooltip-V4GMdo" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-d00433c2><path d="M11.5,15.97L11.91,18.41C11.65,18.55 11.23,18.68 10.67,18.8C10.1,18.93 9.43,19 8.66,19C6.45,18.96 4.79,18.3 3.68,17.04C2.56,15.77 2,14.16 2,12.21C2.05,9.9 2.72,8.13 4,6.89C5.32,5.64 6.96,5 8.94,5C9.69,5 10.34,5.07 10.88,5.19C11.42,5.31 11.82,5.44 12.08,5.59L11.5,8.08L10.44,7.74C10.04,7.64 9.58,7.59 9.05,7.59C7.89,7.58 6.93,7.95 6.18,8.69C5.42,9.42 5.03,10.54 5,12.03C5,13.39 5.37,14.45 6.08,15.23C6.79,16 7.79,16.4 9.07,16.41L10.4,16.29C10.83,16.21 11.19,16.1 11.5,15.97M13.89,19L14.5,15H13L13.34,13H14.84L15.16,11H13.66L14,9H15.5L16.11,5H18.11L17.5,9H18.5L19.11,5H21.11L20.5,9H22L21.66,11H20.16L19.84,13H21.34L21,15H19.5L18.89,19H16.89L17.5,15H16.5L15.89,19H13.89M16.84,13H17.84L18.16,11H17.16L16.84,13Z" data-v-d00433c2></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-V4GMdo" role="tooltip" data-v-a626e57c data-v-bd634d53>C#</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-go tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="golang" aria-describedby="tooltip-V4PEKb" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-82c7e7a6><path d="M2.64,10.33L2.62,10.27L2.84,10L2.96,9.92H6.8L6.83,10L6.65,10.26L6.54,10.32L2.64,10.33M1.03,11.31L1,11.26L1.22,10.97L1.34,10.91H6.24L6.29,11L6.21,11.24L6.11,11.31H1.03M3.63,12.3L3.59,12.24L3.75,11.96L3.85,11.9H6L6.07,11.97L6.05,12.22L5.97,12.3H3.63M14.78,10.14L13,10.61C12.81,10.65 12.8,10.66 12.66,10.5C12.5,10.32 12.39,10.21 12.16,10.1C11.5,9.76 10.83,9.86 10.22,10.25C9.5,10.73 9.11,11.42 9.12,12.3C9.13,13.16 9.72,13.87 10.57,14C11.3,14.09 11.91,13.83 12.4,13.28L12.69,12.89H10.62C10.4,12.89 10.35,12.75 10.42,12.57L10.97,11.39C11,11.33 11.08,11.22 11.24,11.22H14.68C14.83,10.72 15.09,10.26 15.43,9.81C16.21,8.78 17.16,8.24 18.43,8C19.5,7.82 20.56,7.93 21.5,8.57C22.34,9.15 22.87,9.93 23,10.96C23.19,12.41 22.76,13.59 21.76,14.61C21.05,15.33 20.18,15.78 19.19,16L18.33,16.08C17.35,16.06 16.46,15.78 15.71,15.13C15.19,14.68 14.83,14.14 14.65,13.5C14.5,13.74 14.38,13.97 14.21,14.2C13.44,15.22 12.43,15.85 11.15,16C10.1,16.16 9.12,15.95 8.26,15.31C7.47,14.71 7,13.91 6.9,12.92C6.76,11.75 7.1,10.7 7.81,9.78C8.57,8.78 9.58,8.15 10.82,7.92C11.82,7.74 12.79,7.86 13.66,8.44C14.23,8.82 14.63,9.34 14.9,9.96C14.94,10.05 14.9,10.11 14.78,10.14M20.89,11.74L20.86,11.38C20.67,10.32 19.69,9.72 18.67,9.95C17.66,10.17 17,10.8 16.79,11.81C16.6,12.65 17,13.5 17.77,13.84C18.36,14.1 18.96,14.06 19.53,13.78C20.37,13.35 20.84,12.66 20.89,11.74Z" data-v-82c7e7a6></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-V4PEKb" role="tooltip" data-v-a626e57c data-v-bd634d53>Go</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-php tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="php" aria-describedby="tooltip-MdkFjy" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-64b51343><path d="M12,18.08C5.37,18.08 0,15.36 0,12C0,8.64 5.37,5.92 12,5.92C18.63,5.92 24,8.64 24,12C24,15.36 18.63,18.08 12,18.08M6.81,10.13C7.35,10.13 7.72,10.23 7.9,10.44C8.08,10.64 8.12,11 8.03,11.47C7.93,12 7.74,12.34 7.45,12.56C7.17,12.78 6.74,12.89 6.16,12.89H5.29L5.82,10.13H6.81M3.31,15.68H4.75L5.09,13.93H6.32C6.86,13.93 7.3,13.87 7.65,13.76C8,13.64 8.32,13.45 8.61,13.18C8.85,12.96 9.04,12.72 9.19,12.45C9.34,12.19 9.45,11.89 9.5,11.57C9.66,10.79 9.55,10.18 9.17,9.75C8.78,9.31 8.18,9.1 7.35,9.1H4.59L3.31,15.68M10.56,7.35L9.28,13.93H10.7L11.44,10.16H12.58C12.94,10.16 13.18,10.22 13.29,10.34C13.4,10.46 13.42,10.68 13.36,11L12.79,13.93H14.24L14.83,10.86C14.96,10.24 14.86,9.79 14.56,9.5C14.26,9.23 13.71,9.1 12.91,9.1H11.64L12,7.35H10.56M18,10.13C18.55,10.13 18.91,10.23 19.09,10.44C19.27,10.64 19.31,11 19.22,11.47C19.12,12 18.93,12.34 18.65,12.56C18.36,12.78 17.93,12.89 17.35,12.89H16.5L17,10.13H18M14.5,15.68H15.94L16.28,13.93H17.5C18.05,13.93 18.5,13.87 18.85,13.76C19.2,13.64 19.5,13.45 19.8,13.18C20.04,12.96 20.24,12.72 20.38,12.45C20.53,12.19 20.64,11.89 20.7,11.57C20.85,10.79 20.74,10.18 20.36,9.75C20,9.31 19.37,9.1 18.54,9.1H15.79L14.5,15.68Z" data-v-64b51343></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-MdkFjy" role="tooltip" data-v-a626e57c data-v-bd634d53>PHP</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-cpp tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="cpp" aria-describedby="tooltip-VEVzMF" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-035ba3d8><path d="M10.5,15.97L10.91,18.41C10.65,18.55 10.23,18.68 9.67,18.8C9.1,18.93 8.43,19 7.66,19C5.45,18.96 3.79,18.3 2.68,17.04C1.56,15.77 1,14.16 1,12.21C1.05,9.9 1.72,8.13 3,6.89C4.32,5.64 5.96,5 7.94,5C8.69,5 9.34,5.07 9.88,5.19C10.42,5.31 10.82,5.44 11.08,5.59L10.5,8.08L9.44,7.74C9.04,7.64 8.58,7.59 8.05,7.59C6.89,7.58 5.93,7.95 5.18,8.69C4.42,9.42 4.03,10.54 4,12.03C4,13.39 4.37,14.45 5.08,15.23C5.79,16 6.79,16.4 8.07,16.41L9.4,16.29C9.83,16.21 10.19,16.1 10.5,15.97M11,11H13V9H15V11H17V13H15V15H13V13H11V11M18,11H20V9H22V11H24V13H22V15H20V13H18V11Z" data-v-035ba3d8></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-VEVzMF" role="tooltip" data-v-a626e57c data-v-bd634d53>C++</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div></div><div class="card__footer" data-test-id="card-footer" data-v-680ad9e6><button class="card__cta button button--default button--medium" icon-right type="button" data-v-680ad9e6 data-v-2420650a>Start learning <span class="button__icon button__icon--right" data-v-2420650a><svg class="icon icon--arrow-right" width="18" height="18" viewbox="0 0 24 24" aria-hidden="true" data-v-680ad9e6 data-v-4f6891af><path d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-4f6891af></path></svg></span></button><div class="progress" data-v-680ad9e6 data-v-11003b61><span id="progress-uBxHRzNPNF" class="progress__text progress__text--with-margin" data-v-11003b61>0% Completed </span><div class="outer" role="progressbar" aria-labelledby="progress-uBxHRzNPNF" data-v-11003b61><div class="inner" style="width:0px;" data-v-11003b61> </div></div></div></div></div></div></a><a href="/lesson/untracked-dependencies/" class="" aria-label="Untracked dependencies" data-v-8597f1f6><div class="card" data-v-680ad9e6><div class="card__hero" data-v-680ad9e6><img class="card__hero__image" width="344" height="157" alt="python Untracked dependencies" src="https://images.ctfassets.net/4un77bcsnjzw/1byrDMtp9Pgs6gxbLh7ZHx/42cf3f489b32a89671a061bfc55fd2e8/OSS-5.svg" data-v-680ad9e6><span class="badge badge--info badge--large card__hero__pill" data-v-680ad9e6 data-v-1920d3cd>NEW</span></div><div class="card__content" data-v-680ad9e6><h2 class="heading heading--2 card__title" data-v-680ad9e6 data-v-27327998>Untracked dependencies</h2><div class="card__description" data-v-680ad9e6>Learn how untracked dependencies arise, why they pose risks to application security, and how to protect your projects against these risks.</div><div class="card__icon" data-v-680ad9e6><svg width="26" height="26" class="icon icon--java-duke tooltip-trigger" viewbox="0 0 10 18" role="img" aria-label="java" aria-describedby="tooltip-pc2Oiv" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-4e6d9ae3><g clip-path="url(#clip0_1615_1567)" data-v-4e6d9ae3><path fill-rule="evenodd" clip-rule="evenodd" d="M2.16255 1.9227C2.5354 2.70207 2.28365 8.14492 1.84707 10.0536C1.41049 11.9654 0.973908 14.3958 0.871933 16.4412C0.827319 17.3128 0.961161 17.6564 1.53158 17.6564C2.53858 17.6564 3.81646 15.5378 5.41937 15.5855C7.02548 15.6332 7.53535 18.0159 8.28742 17.9999C9.03948 17.984 9.64496 17.7232 9.65133 15.4042C9.67364 8.48207 3.86107 2.87062 2.16255 1.9227Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M7.20386 7.45463C7.55759 8.0495 8.45943 7.59142 8.49767 6.92021C8.53591 6.249 8.43712 5.40283 8.00054 5.37102C7.56396 5.33921 7.25166 4.9034 6.81508 4.87159C6.3785 4.83977 5.91006 5.27558 5.70611 4.69663C5.50216 4.11767 6.25422 3.87272 6.81508 3.78047C6.31477 3.28104 6.02159 2.72753 5.80171 2.15175C5.58182 1.57597 5.4193 1.04791 6.03434 0.822053C6.64937 0.596195 6.59839 1.75729 7.30265 2.28854C7.09551 1.50599 7.01903 1.18152 7.03497 0.72662C7.0509 0.271724 7.01903 -0.0750154 7.66594 0.0140552C8.31284 0.103126 8.03241 1.44555 8.53591 1.9927C8.68887 1.47418 8.78129 0.815691 9.15095 0.545298C9.52061 0.274905 10.3619 0.268543 9.82653 1.37874C9.29116 2.48895 9.98268 3.09017 9.82016 3.96497C9.65763 4.83977 9.15413 4.68072 8.93744 5.24377C8.72074 5.80683 9.0649 7.08881 8.65701 7.66459C8.24911 8.24036 8.17581 9.12471 8.44031 9.83091C7.6277 9.07381 7.20386 7.45463 7.20386 7.45463Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M2.1402 8.20218C1.81197 10.448 0.671126 10.7152 0.613766 11.6473C0.556405 12.5794 0.916503 12.6684 0.894196 13.5305C0.871889 14.3926 0.103891 14.7425 0.0114765 15.2101C-0.0809383 15.6778 0.406629 15.8273 0.690247 15.8273C0.973864 15.8273 1.25748 14.5866 1.3722 13.7977C1.48693 13.0088 0.996171 12.5444 0.996171 12.0036C0.996171 11.4628 1.70681 10.4735 1.57615 11.3419C2.1657 10.413 2.44617 9.22963 2.1402 8.20218Z" fill="black" data-v-4e6d9ae3></path><path fill-rule="evenodd" clip-rule="evenodd" d="M2.58 9.05785C2.33144 10.273 0.779509 17.0583 1.56981 17.1442C2.36012 17.2301 3.48503 15.0447 5.32695 15.0606C7.17206 15.0765 7.89863 17.51 8.34796 17.4941C8.79728 17.4782 9.09365 17.6532 9.14145 14.9111C9.18925 12.169 7.51304 8.66658 6.52197 7.12375C5.17713 7.20964 3.73036 8.28489 2.58 9.05785Z" fill="white" data-v-4e6d9ae3></path><path d="M6.50979 7.57865C6.43623 6.81894 5.87213 6.34209 5.14238 6.22549C4.43758 6.11287 3.67029 6.44631 3.17688 6.93885C2.62195 7.49281 2.59978 8.26334 2.98833 8.91966C3.37167 9.56723 4.22084 9.78125 4.91643 9.61928C5.86828 9.39771 6.57166 8.56669 6.50979 7.57865Z" fill="black" data-v-4e6d9ae3></path><path d="M6.1592 7.86176C6.09312 8.55219 5.54191 9.1069 4.87814 9.26781C4.17574 9.43808 3.40017 9.16809 3.14776 8.44709C3.01887 8.07896 3.04286 7.70134 3.26447 7.37797C3.45138 7.10533 3.75279 6.89197 4.05137 6.75651C4.66764 6.47702 5.54877 6.44596 5.97805 7.06919C6.1407 7.30538 6.16916 7.58342 6.1592 7.86176Z" fill="url(#paint0_radial_1615_1567)" stroke="black" data-v-4e6d9ae3></path></g><defs data-v-4e6d9ae3><radialGradient id="paint0_radial_1615_1567" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(3.83413 7.38143) scale(2.4217 2.41743)" data-v-4e6d9ae3><stop stop-color="white" data-v-4e6d9ae3></stop><stop offset="0.0604" stop-color="#FBC8B4" data-v-4e6d9ae3></stop><stop offset="0.0712" stop-color="#FBC3B0" data-v-4e6d9ae3></stop><stop offset="0.1829" stop-color="#F7978B" data-v-4e6d9ae3></stop><stop offset="0.2995" stop-color="#F4716B" data-v-4e6d9ae3></stop><stop offset="0.4199" stop-color="#F15251" data-v-4e6d9ae3></stop><stop offset="0.5453" stop-color="#EF3A3D" data-v-4e6d9ae3></stop><stop offset="0.6778" stop-color="#EE292F" data-v-4e6d9ae3></stop><stop offset="0.822" stop-color="#ED1F27" data-v-4e6d9ae3></stop><stop offset="1" stop-color="#ED1C24" data-v-4e6d9ae3></stop></radialGradient><clipPath id="clip0_1615_1567" data-v-4e6d9ae3><rect width="10" height="18" fill="white" data-v-4e6d9ae3></rect></clipPath></defs></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-pc2Oiv" role="tooltip" data-v-a626e57c data-v-bd634d53>Java</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-javascript tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="javascript" aria-describedby="tooltip-iEnAVh" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-00dfaa56><path d="M3,3H21V21H3V3M7.73,18.04C8.13,18.89 8.92,19.59 10.27,19.59C11.77,19.59 12.8,18.79 12.8,17.04V11.26H11.1V17C11.1,17.86 10.75,18.08 10.2,18.08C9.62,18.08 9.38,17.68 9.11,17.21L7.73,18.04M13.71,17.86C14.21,18.84 15.22,19.59 16.8,19.59C18.4,19.59 19.6,18.76 19.6,17.23C19.6,15.82 18.79,15.19 17.35,14.57L16.93,14.39C16.2,14.08 15.89,13.87 15.89,13.37C15.89,12.96 16.2,12.64 16.7,12.64C17.18,12.64 17.5,12.85 17.79,13.37L19.1,12.5C18.55,11.54 17.77,11.17 16.7,11.17C15.19,11.17 14.22,12.13 14.22,13.4C14.22,14.78 15.03,15.43 16.25,15.95L16.67,16.13C17.45,16.47 17.91,16.68 17.91,17.26C17.91,17.74 17.46,18.09 16.76,18.09C15.93,18.09 15.45,17.66 15.09,17.06L13.71,17.86Z" data-v-00dfaa56></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-iEnAVh" role="tooltip" data-v-a626e57c data-v-bd634d53>JavaScript</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-python tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="python" aria-describedby="tooltip-EWWAxC" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-9555a819><path d="M19.14,7.5A2.86,2.86 0 0,1 22,10.36V14.14A2.86,2.86 0 0,1 19.14,17H12C12,17.39 12.32,17.96 12.71,17.96H17V19.64A2.86,2.86 0 0,1 14.14,22.5H9.86A2.86,2.86 0 0,1 7,19.64V15.89C7,14.31 8.28,13.04 9.86,13.04H15.11C16.69,13.04 17.96,11.76 17.96,10.18V7.5H19.14M14.86,19.29C14.46,19.29 14.14,19.59 14.14,20.18C14.14,20.77 14.46,20.89 14.86,20.89A0.71,0.71 0 0,0 15.57,20.18C15.57,19.59 15.25,19.29 14.86,19.29M4.86,17.5C3.28,17.5 2,16.22 2,14.64V10.86C2,9.28 3.28,8 4.86,8H12C12,7.61 11.68,7.04 11.29,7.04H7V5.36C7,3.78 8.28,2.5 9.86,2.5H14.14C15.72,2.5 17,3.78 17,5.36V9.11C17,10.69 15.72,11.96 14.14,11.96H8.89C7.31,11.96 6.04,13.24 6.04,14.82V17.5H4.86M9.14,5.71C9.54,5.71 9.86,5.41 9.86,4.82C9.86,4.23 9.54,4.11 9.14,4.11C8.75,4.11 8.43,4.23 8.43,4.82C8.43,5.41 8.75,5.71 9.14,5.71Z" data-v-9555a819></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-EWWAxC" role="tooltip" data-v-a626e57c data-v-bd634d53>Python</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-csharp tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="csharp" aria-describedby="tooltip-Y9jpuU" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-d00433c2><path d="M11.5,15.97L11.91,18.41C11.65,18.55 11.23,18.68 10.67,18.8C10.1,18.93 9.43,19 8.66,19C6.45,18.96 4.79,18.3 3.68,17.04C2.56,15.77 2,14.16 2,12.21C2.05,9.9 2.72,8.13 4,6.89C5.32,5.64 6.96,5 8.94,5C9.69,5 10.34,5.07 10.88,5.19C11.42,5.31 11.82,5.44 12.08,5.59L11.5,8.08L10.44,7.74C10.04,7.64 9.58,7.59 9.05,7.59C7.89,7.58 6.93,7.95 6.18,8.69C5.42,9.42 5.03,10.54 5,12.03C5,13.39 5.37,14.45 6.08,15.23C6.79,16 7.79,16.4 9.07,16.41L10.4,16.29C10.83,16.21 11.19,16.1 11.5,15.97M13.89,19L14.5,15H13L13.34,13H14.84L15.16,11H13.66L14,9H15.5L16.11,5H18.11L17.5,9H18.5L19.11,5H21.11L20.5,9H22L21.66,11H20.16L19.84,13H21.34L21,15H19.5L18.89,19H16.89L17.5,15H16.5L15.89,19H13.89M16.84,13H17.84L18.16,11H17.16L16.84,13Z" data-v-d00433c2></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-Y9jpuU" role="tooltip" data-v-a626e57c data-v-bd634d53>C#</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-go tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="golang" aria-describedby="tooltip-t8yheA" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-82c7e7a6><path d="M2.64,10.33L2.62,10.27L2.84,10L2.96,9.92H6.8L6.83,10L6.65,10.26L6.54,10.32L2.64,10.33M1.03,11.31L1,11.26L1.22,10.97L1.34,10.91H6.24L6.29,11L6.21,11.24L6.11,11.31H1.03M3.63,12.3L3.59,12.24L3.75,11.96L3.85,11.9H6L6.07,11.97L6.05,12.22L5.97,12.3H3.63M14.78,10.14L13,10.61C12.81,10.65 12.8,10.66 12.66,10.5C12.5,10.32 12.39,10.21 12.16,10.1C11.5,9.76 10.83,9.86 10.22,10.25C9.5,10.73 9.11,11.42 9.12,12.3C9.13,13.16 9.72,13.87 10.57,14C11.3,14.09 11.91,13.83 12.4,13.28L12.69,12.89H10.62C10.4,12.89 10.35,12.75 10.42,12.57L10.97,11.39C11,11.33 11.08,11.22 11.24,11.22H14.68C14.83,10.72 15.09,10.26 15.43,9.81C16.21,8.78 17.16,8.24 18.43,8C19.5,7.82 20.56,7.93 21.5,8.57C22.34,9.15 22.87,9.93 23,10.96C23.19,12.41 22.76,13.59 21.76,14.61C21.05,15.33 20.18,15.78 19.19,16L18.33,16.08C17.35,16.06 16.46,15.78 15.71,15.13C15.19,14.68 14.83,14.14 14.65,13.5C14.5,13.74 14.38,13.97 14.21,14.2C13.44,15.22 12.43,15.85 11.15,16C10.1,16.16 9.12,15.95 8.26,15.31C7.47,14.71 7,13.91 6.9,12.92C6.76,11.75 7.1,10.7 7.81,9.78C8.57,8.78 9.58,8.15 10.82,7.92C11.82,7.74 12.79,7.86 13.66,8.44C14.23,8.82 14.63,9.34 14.9,9.96C14.94,10.05 14.9,10.11 14.78,10.14M20.89,11.74L20.86,11.38C20.67,10.32 19.69,9.72 18.67,9.95C17.66,10.17 17,10.8 16.79,11.81C16.6,12.65 17,13.5 17.77,13.84C18.36,14.1 18.96,14.06 19.53,13.78C20.37,13.35 20.84,12.66 20.89,11.74Z" data-v-82c7e7a6></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-t8yheA" role="tooltip" data-v-a626e57c data-v-bd634d53>Go</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-php tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="php" aria-describedby="tooltip-wzstJY" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-64b51343><path d="M12,18.08C5.37,18.08 0,15.36 0,12C0,8.64 5.37,5.92 12,5.92C18.63,5.92 24,8.64 24,12C24,15.36 18.63,18.08 12,18.08M6.81,10.13C7.35,10.13 7.72,10.23 7.9,10.44C8.08,10.64 8.12,11 8.03,11.47C7.93,12 7.74,12.34 7.45,12.56C7.17,12.78 6.74,12.89 6.16,12.89H5.29L5.82,10.13H6.81M3.31,15.68H4.75L5.09,13.93H6.32C6.86,13.93 7.3,13.87 7.65,13.76C8,13.64 8.32,13.45 8.61,13.18C8.85,12.96 9.04,12.72 9.19,12.45C9.34,12.19 9.45,11.89 9.5,11.57C9.66,10.79 9.55,10.18 9.17,9.75C8.78,9.31 8.18,9.1 7.35,9.1H4.59L3.31,15.68M10.56,7.35L9.28,13.93H10.7L11.44,10.16H12.58C12.94,10.16 13.18,10.22 13.29,10.34C13.4,10.46 13.42,10.68 13.36,11L12.79,13.93H14.24L14.83,10.86C14.96,10.24 14.86,9.79 14.56,9.5C14.26,9.23 13.71,9.1 12.91,9.1H11.64L12,7.35H10.56M18,10.13C18.55,10.13 18.91,10.23 19.09,10.44C19.27,10.64 19.31,11 19.22,11.47C19.12,12 18.93,12.34 18.65,12.56C18.36,12.78 17.93,12.89 17.35,12.89H16.5L17,10.13H18M14.5,15.68H15.94L16.28,13.93H17.5C18.05,13.93 18.5,13.87 18.85,13.76C19.2,13.64 19.5,13.45 19.8,13.18C20.04,12.96 20.24,12.72 20.38,12.45C20.53,12.19 20.64,11.89 20.7,11.57C20.85,10.79 20.74,10.18 20.36,9.75C20,9.31 19.37,9.1 18.54,9.1H15.79L14.5,15.68Z" data-v-64b51343></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-wzstJY" role="tooltip" data-v-a626e57c data-v-bd634d53>PHP</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div><svg class="icon icon--language-cpp tooltip-trigger" width="26" height="26" viewbox="0 0 24 24" role="img" aria-label="cpp" aria-describedby="tooltip-b1Ewlz" tabindex="0" data-v-a626e57c data-v-680ad9e6 data-v-035ba3d8><path d="M10.5,15.97L10.91,18.41C10.65,18.55 10.23,18.68 9.67,18.8C9.1,18.93 8.43,19 7.66,19C5.45,18.96 3.79,18.3 2.68,17.04C1.56,15.77 1,14.16 1,12.21C1.05,9.9 1.72,8.13 3,6.89C4.32,5.64 5.96,5 7.94,5C8.69,5 9.34,5.07 9.88,5.19C10.42,5.31 10.82,5.44 11.08,5.59L10.5,8.08L9.44,7.74C9.04,7.64 8.58,7.59 8.05,7.59C6.89,7.58 5.93,7.95 5.18,8.69C4.42,9.42 4.03,10.54 4,12.03C4,13.39 4.37,14.45 5.08,15.23C5.79,16 6.79,16.4 8.07,16.41L9.4,16.29C9.83,16.21 10.19,16.1 10.5,15.97M11,11H13V9H15V11H17V13H15V15H13V13H11V11M18,11H20V9H22V11H24V13H22V15H20V13H18V11Z" data-v-035ba3d8></path></svg><div class="tooltip-popover" style="" data-v-a626e57c><div class="prose prose--small tooltip-popover__description" id="tooltip-b1Ewlz" role="tooltip" data-v-a626e57c data-v-bd634d53>C++</div><div class="tooltip-popover__arrow" style="" data-v-a626e57c></div></div></div><div class="card__footer" data-test-id="card-footer" data-v-680ad9e6><button class="card__cta button button--default button--medium" icon-right type="button" data-v-680ad9e6 data-v-2420650a>Start learning <span class="button__icon button__icon--right" data-v-2420650a><svg class="icon icon--arrow-right" width="18" height="18" viewbox="0 0 24 24" aria-hidden="true" data-v-680ad9e6 data-v-4f6891af><path d="M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z" data-v-4f6891af></path></svg></span></button><div class="progress" data-v-680ad9e6 data-v-11003b61><span id="progress-NetMkmwBkM" class="progress__text progress__text--with-margin" data-v-11003b61>0% Completed </span><div class="outer" role="progressbar" aria-labelledby="progress-NetMkmwBkM" data-v-11003b61><div class="inner" style="width:0px;" data-v-11003b61> </div></div></div></div></div></div></a></section><div class="latest-lessons__view-more" data-v-8597f1f6><a class="latest-lessons__view-more_button button button--primary button--medium" data-snyk-test="LatestLessons: view more" href="/catalog/" target="_self" data-v-8597f1f6 data-v-2420650a> View more lessons </a></div></div></div></div></main></div><footer class="footer" data-v-17e5ae28 data-v-27e4490f><div class="footer__wrapper" data-v-27e4490f><section class="footer__top page-width-limit" data-v-27e4490f><a href="https://snyk.io/?loc=learn" title="Snyk" class="footer__top__logo" data-v-27e4490f><img src="https://res.cloudinary.com/snyk/image/upload/v1642427601/snyk-learn/Frame_1.svg" alt="Snyk logo" width="160" height="90" loading="lazy" data-v-27e4490f></a><div class="footer__top__links-box" data-v-27e4490f><a href="https://snyk.io/schedule-a-demo/?cta=schedule-demo/?loc=learn" class="footer__top__links-box__link" data-v-27e4490f><span data-v-27e4490f>Book a demo</span></a><a class="learnButton button button--primary button--medium" isfullwidth="false" href="https://api.snyk.io/v1/learn/auth?cta=signup&page=learn-homepage&loc=footer&learn_redirect_path=%2Fuser%2Flearning-progress" target="_self" data-v-27e4490f data-v-fc682313 data-v-2420650a>Sign up for free</a></div></section><hr data-v-27e4490f><div class="nav__wrapper page-width-limit" data-v-27e4490f><nav class="nav__group" data-v-27e4490f><h3 class="nav__group__heading" data-v-27e4490f>Product</h3><ul class="nav__list" data-v-27e4490f><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/product/open-source-security-management/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Snyk Open Source</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/product/snyk-code/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Snyk Code</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/product/container-vulnerability-management/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Snyk Container</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/product/infrastructure-as-code-security/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Snyk Infrastructure as Code</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/solutions/aspm/" class="nav__list__item__link" data-v-27e4490f>ASPM Solution</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/solutions/application-security/" class="nav__list__item__link" data-v-27e4490f>Application Security Solution</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/solutions/software-supply-chain-security/" class="nav__list__item__link" data-v-27e4490f>Supply Chain Security Solution</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/platform/deepcode-ai/" class="nav__list__item__link" data-v-27e4490f>Deepcode AI</a></li></ul></nav><nav class="nav__group" data-v-27e4490f><h3 class="nav__group__heading" data-v-27e4490f>Resources</h3><ul class="nav__list" data-v-27e4490f><li class="nav__list__item" data-v-27e4490f><a href="https://security.snyk.io/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Vulnerability DB</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/advisor/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Snyk OSS Advisor</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://support.snyk.io/hc/en-us/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Documentation</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://security.snyk.io/disclosed-vulnerabilities/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Disclosed Vulnerabilities</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://support.snyk.io/hc/en-us/?loc=learn" class="nav__list__item__link" data-v-27e4490f>FAQs</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/code-checker/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Code Checker</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/open-source-audit/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Audit Services</a></li></ul></nav><nav class="nav__group" data-v-27e4490f><h3 class="nav__group__heading" data-v-27e4490f>Company</h3><ul class="nav__list" data-v-27e4490f><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/about/?loc=learn" class="nav__list__item__link" data-v-27e4490f>About us</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/about/snyk-impact/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Snyk Impact</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/customers/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Customers</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/careers/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Jobs at Snyk</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/policies/terms-of-service/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Policies</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://preferences.snyk.io/dont_sell/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Do Not Sell My Personal Information</a></li></ul></nav><nav class="nav__group" data-v-27e4490f><h3 class="nav__group__heading" data-v-27e4490f>Connect</h3><ul class="nav__list" data-v-27e4490f><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/blog/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Blog</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/learn/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Security Fundamentals</a></li><li class="nav__list__item" data-v-27e4490f><a href="http://snyk.io/series/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Security Series</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://support.snyk.io/hc/en-us/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Support</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/press-kit/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Press Kit</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/events/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Events</a></li><li class="nav__list__item" data-v-27e4490f><a href="https://snyk.io/vulnerability-disclosure/?loc=learn" class="nav__list__item__link" data-v-27e4490f>Report a new vuln</a></li></ul></nav><nav class="nav__group" data-v-27e4490f><h3 class="nav__group__heading" data-v-27e4490f>Topics</h3><ul class="nav__list" data-v-27e4490f><li class="nav__list__item" data-v-27e4490f><a href="/catalog/security-education/" class="nav__list__item__link" role="link" data-v-27e4490f>Security Education</a></li><li class="nav__list__item" data-v-27e4490f><a href="/catalog/product-training/" class="nav__list__item__link" data-v-27e4490f>Product Training</a></li><li class="nav__list__item" data-v-27e4490f><a href="/catalog/?format=learning_path" class="nav__list__item__link" data-v-27e4490f>Learning Paths</a></li></ul></nav><nav class="nav__group" data-v-27e4490f><h3 class="nav__group__heading nav__group__heading--compact" data-v-27e4490f><a href="https://snyk.io/?loc=learn" title="Snyk | Open Source Security Platform" data-v-27e4490f><img src="https://res.cloudinary.com/snyk/image/upload/v1643016564/snyk-learn/snyk-wordmark.svg" alt="Snyk | Open Source Security Platform" width="68" height="35" loading="lazy" data-v-27e4490f></a></h3><ul class="nav__list" data-v-27e4490f><li class="nav__list__item nav__list__item--wide" data-v-27e4490f><p data-v-27e4490f> Snyk is an open source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes and fixes vulnerabilities and license violations in open source dependencies and container images. </p></li></ul><nav class="nav__social" data-v-27e4490f><h3 class="nav__list__item__label nav__list__item__label--emphasis" data-v-27e4490f> Track our development </h3><ul class="list-social" data-v-27e4490f><li class="list-social__item" data-v-27e4490f><a href="https://github.com/Snyk/" title="Github" rel="noopener noreferrer" data-v-27e4490f><img src="/assets/images/footer-github-icon.svg" alt="Github's Logo" height="20" loading="lazy" data-v-27e4490f></a></li><li class="list-social__item" data-v-27e4490f><a href="https://www.npmjs.com/snyk" title="NPM" rel="noopener noreferrer" data-v-27e4490f><img src="/assets/images/footer-npm-icon.svg" alt="Node Package Manger's Logo" height="20" loading="lazy" data-v-27e4490f></a></li><li class="list-social__item--podcast-ad list-social__item" data-v-27e4490f><a href="https://www.devseccon.com/the-secure-developer-podcast/" title="DevSecOps Community Podcast" rel="noopener noreferrer" data-v-27e4490f><img src="https://res.cloudinary.com/snyk/image/upload/v1632399229/snyk-learn/community-banner-footer.svg" alt="DevSecOps Community Podcast" height="68" loading="lazy" data-v-27e4490f></a></li><li class="list-social__item" data-v-27e4490f><a href="https://twitter.com/snyksec" title="Twitter" rel="noopener noreferrer" data-v-27e4490f><img src="/assets/images/footer-twitter-icon.svg" alt="Twitter's Logo" height="20" loading="lazy" data-v-27e4490f></a></li><li class="list-social__item" data-v-27e4490f><a href="https://www.youtube.com/channel/UCh4dJzctb0NhSibjU-e2P6w" title="Youtube" rel="noopener noreferrer" data-v-27e4490f><img src="/assets/images/footer-youtube-icon.svg" alt="Youtube's Logo" height="20" loading="lazy" data-v-27e4490f></a></li><li class="list-social__item" data-v-27e4490f><a href="https://www.facebook.com/snyksec" title="Facebook" rel="noopener noreferrer" data-v-27e4490f><img src="/assets/images/footer-facebook-icon.svg" alt="Facebook's Logo" height="20" loading="lazy" data-v-27e4490f></a></li><li class="list-social__item" data-v-27e4490f><a href="https://www.linkedin.com/company/snyk" title="LinkedIn" rel="noopener noreferrer" data-v-27e4490f><img src="/assets/images/footer-linkedin-icon.svg" alt="LinkedIn's Logo" height="20" loading="lazy" data-v-27e4490f></a></li></ul></nav></nav></div><div class="about-snyk page-width-limit" data-v-27e4490f><p data-v-27e4490f> © 2025 Snyk Limited<br data-v-27e4490f> Registered in England and Wales | Company number: 09677925<br data-v-27e4490f> Registered address: Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire, RG7 1NT. </p></div></div><div class="footer-waves-wrapper" data-v-27e4490f><img loading="lazy" src="https://res.cloudinary.com/snyk/image/upload/snyk-learn/wave-footer.svg" alt="Footer Wave Bottom" data-v-27e4490f></div></footer></div></div> <script id="usercentrics-cmp" src="https://app.usercentrics.eu/browser-ui/latest/bundle.js" data-ruleset-id="_FNivNo3GYQ2ta" data-nscript="afterInteractive" async></script> <script id="vike_pageContext" type="application/json">{"INITIAL_STORE_STATE":{"progress":{"lessonsProgress":{},"isLoadingLessonProgress":false,"currentlyViewedStepId":null,"_viewedStepsQueue":[]},"user":{"loggedInUser":null,"userProjects":[],"_userRequest":null},"lessons":{"_lessonMetadataRequest":null,"lessonsMetadata":[{"lessonId":"66ced330-7bec-49d9-5157-e0c61814b1ac","datePublished":"2025-03-28","title":"Immature software","subtitle":"OSS-RISK-8 Immature Software","seoTitle":"Immature software | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about immature software in open-source projects, its associated risks, and how to mitigate issues with best practices and thorough evaluation.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"immature-software","published":true,"url":"https://learn.snyk.io/lesson/immature-software/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5UdnfVbcgSMXHdqPcWm02i/4dc6c7b87d21b2619bfb28c4a2227462/OSS-8.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"91f466e8-fb3e-504c-06df-e00864c5b7d4","datePublished":"2025-03-17","title":"Snyk PR Checks in your Pull Request/Merge Request","subtitle":"Validating your code for application security vulnerabilities, in addition to open source security issues and license violations.","seoKeywords":["Snyk","Pull-request","Git","Sast","Application security testing","AI"],"seoTitle":"Snyk PR Checks in your Pull Request/Merge Request | Product Training","cves":[],"cwes":[],"description":"This lesson speaks to developers on how to navigate the pull request check, understand the issue, and then resolve it as part of a workflow.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"checking-your-code-with-pr-checks","published":true,"url":"https://learn.snyk.io/lesson/checking-your-code-with-pr-checks/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ctdrDWqZf6DZeMsiOdGTX/79260999a71e9758a19d04a056f50351/Training.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"70bf3b62-4a92-479c-0b27-7e866cedfbe2","datePublished":"2021-08-04","author":"Patrick Debois","title":"SQL injection (SQLi)","subtitle":"Improper handling of input during SQL query generation","seoKeywords":["SQL injection"],"seoTitle":"What is SQL injection (SQLi)? | Tutorial & examples","cves":[],"cwes":["CWE-89"],"description":"Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.","ecosystem":"java","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"sql-injection","published":true,"url":"https://learn.snyk.io/lesson/sql-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2autwO6C7mlB5d000pPJHn/8f2094ec1d72253e71c3a3c6fb7f6c1d/sql_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e948a26b-c79e-49ad-d5fa-60175c432ea8","datePublished":"2025-03-26","title":"License and Regulatory Risk","subtitle":"The fine print of copy/paste","seoTitle":"License and Regulatory Risk | Tutorial and examples","cves":[],"cwes":[],"description":"Learn the importance of managing license and regulatory risk effectively. This includes understanding licensing terms, ensuring compliance, and more.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"license-and-regulatory-risk","published":true,"url":"https://learn.snyk.io/lesson/license-and-regulatory-risk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/29Jxsj2gbiSiUD3e0QGNox/64094a20365785711a81a64f420d8756/OSS-7.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"36baa0ce-77a2-4b96-cfce-a2c201efc8e2","datePublished":"2022-08-18","author":"Jessica Williams","title":"XML external entity injection (XXE)","subtitle":"Injected untrusted data into an XML parser","seoKeywords":["Xml external entity","Xml entity","Xxe payload","Xml injection attack","Xxe","Xxe vulnerability","Xxe attack"],"seoTitle":"XXE attack | Tutorials & Examples","cves":["CVE-2022-32285","CVE-2022-31447","CVE-2022-34793"],"cwes":["CWE-611","CWE-91"],"description":"Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","java","python","csharp","cpp","golang","php"],"rules":[],"slug":"xxe","published":true,"url":"https://learn.snyk.io/lesson/xxe/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3Qb1jxl7eh5N9VrFke5BNo/4ca355209de3385e08fe147f0ec54e49/XXE.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e8b66657-64e2-577e-c758-81b5a30e42aa","datePublished":"2022-11-16","author":"Edgar Kussberg","title":"Code injection","subtitle":"Protect your applications against malicious code injection","seoKeywords":["javascript injection testing","sensitive information leakage","unvalidated input","source code management","web applications","parameters modification","java injection attacks"],"seoTitle":"What is code injection? | Tutorial & examples","cves":[],"cwes":["CWE-95","CWE-94","CWE-93","CWE-90","CWE-92","CWE-77","CWE-78"],"description":"Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.","ecosystem":"javascript","ecosystems":["javascript","java","python","php"],"rules":[],"slug":"malicious-code-injection","published":true,"url":"https://learn.snyk.io/lesson/malicious-code-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6uBL1O8QKLaKKu4m1C4WHE/6fd17009316b98be803793d1b7d7e1a5/Code_Injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"da080c48-e2a6-5668-2856-1715730b9a47","datePublished":"2025-03-20","title":"Untracked dependencies","subtitle":"Did we know that was there?","seoTitle":"Untracked dependencies | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how untracked dependencies arise, why they pose risks to application security, and how to protect your projects against these risks.","ecosystem":"python","ecosystems":["java","javascript","python","csharp","golang","php","cpp"],"rules":[],"slug":"untracked-dependencies","published":true,"url":"https://learn.snyk.io/lesson/untracked-dependencies/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1byrDMtp9Pgs6gxbLh7ZHx/42cf3f489b32a89671a061bfc55fd2e8/OSS-5.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"519fba64-07ef-47e9-1ba0-89bf6d8d6404","datePublished":"2025-03-17","title":"Outdated software in open source projects","subtitle":"Update at a later time","seoTitle":"Outdated software | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about outdated software risks in open source projects, how they impact your application, and how to mitigate these vulnerabilities.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"outdated-software","published":true,"url":"https://learn.snyk.io/lesson/outdated-software/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5c0S3F3kDeEw3SaqLl61BJ/06e9fbed83542050fb9e48b3f8382f6a/OSS-5.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"93783544-1ed0-4f33-2803-ad11ed266baa","datePublished":"2023-09-29","title":"Using Snyk in an IDE","subtitle":"Enabling developers to build secure software","seoKeywords":["IDE","VSCode","IntelliJ","Eclipse","Visual Studio","DeepCode AI","AI Fix"],"seoTitle":"Using Snyk in an IDE | Snyk Training","cves":[],"cwes":[],"description":"Learn to install, authenticate, and configure the Snyk IDE plugin, followed by validating and fixing issues with your open-source dependencies, code, IaC, and containers.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-in-an-ide","published":true,"url":"https://learn.snyk.io/lesson/snyk-in-an-ide/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/Cux0MK7z7iaL3ucljEZVU/f08b67d8029910e1b639573c058f318b/Introduction_to_using_Snyk_in_an_IDE.svg","topics":["IDE"],"educationContentCategory":"product training"},{"lessonId":"c17aea7e-60e4-4b5d-aa09-e468e39f6353","datePublished":"2025-03-05","title":"Unmaintained software","subtitle":"The risks of unsupported libraries","seoTitle":"Unmaintained software | Tutorial and examples","cves":[],"cwes":[],"description":"Understand how unmaintained software can lead to potential security risks with your application and learn strategies around dependency management and fallback planning.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"unmaintained-software","published":true,"url":"https://learn.snyk.io/lesson/unmaintained-software/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2WwRFuLHHJYHDwsVnPvzW4/ef1db93ed4a59339f2ccd14e7df7a908/OSS-4.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f96ada59-ff91-5610-129f-4654060b837b","datePublished":"2025-03-05","title":"Name confusion attacks","subtitle":"Watch out for deceptive names","seoTitle":"Name confusion attacks | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about name confusion attacks, their implications, and how to mitigate and remediate them with insights and real-world examples from security experts.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"name-confusion-attacks","published":true,"url":"https://learn.snyk.io/lesson/name-confusion-attacks/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3Svrq2iMSov4TNajiPJuGq/af1e266ee162f3f8cc92df2165deb55d/OSS-3.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5c035270-4033-4926-da6f-c8b391db9b95","datePublished":"2025-03-05","title":"Compromise of legitimate package","subtitle":"Spotting and stopping compromised packages","seoTitle":"Compromise of legitimate package | Tutorial and examples","cves":[],"cwes":[],"description":"Understand how legitimate packages can be compromised and the safeguards that can protect your development and production environments.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"compromise-of-legitimate-package","published":true,"url":"https://learn.snyk.io/lesson/compromise-of-legitimate-package/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/284Ga3R9kTgAC84mvGb6wZ/02fea43ee7a65187ba68765b63fc9235/OSS-2.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"8dbf5cdb-7156-4bec-a941-4fc7d36046e3","datePublished":"2025-03-05","title":"Known vulnerabilities in dependencies","subtitle":"Making sure your dependencies are secure","seoTitle":"Known vulnerabilities in dependencies | Tutorial and examples","cves":[],"cwes":[],"description":"Understand how vulnerable dependencies can compromise your application security and learn strategies to prevent exploitation.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"known-vulnerabilities-in-dependencies-broken","published":true,"url":"https://learn.snyk.io/lesson/known-vulnerabilities-in-dependencies-broken/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7qan5AafAifozWWoC2x7M3/492f3faec5daa0c5ee7b0e4af0bf8b63/OSS-1.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"cd0b4c2b-b6c9-4c04-f3dd-4094a2819b36","datePublished":"2025-02-05","title":"Improper inventory management","subtitle":"Keeping track of API endpoints","seoTitle":"Improper inventory management | Tutorial and examples","cves":[],"cwes":["CWE-1059"],"description":"Discover how a lack of API asset management leads to security breaches and learn the best practices for API security.","ecosystem":"python","ecosystems":["java","python","javascript","csharp","golang","php"],"rules":[],"slug":"improper-inventory-management","published":true,"url":"https://learn.snyk.io/lesson/improper-inventory-management/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2chTjQq8Sir2OklQJWhCJc/45161b96794f7e3330739f42b4c0387b/inventory_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7ebd499c-973e-4ec0-4d93-07dbe68a9d9b","datePublished":"2025-02-03","title":"API security misconfiguration","subtitle":"Understand and secure your APIs by identifying and fixing misconfigurations at every level of the stack","seoTitle":"API security misconfigurations | Tutorial and examples","cves":[],"cwes":["CWE-2"],"description":"Learn how API security misconfiguration vulnerabilities manifest, how to protect your APIs, understand the risks, and see how to mitigate such threats.","ecosystem":"python","ecosystems":["java","javascript","python","csharp","php","golang"],"rules":[],"slug":"security-misconfiguration-api","published":true,"url":"https://learn.snyk.io/lesson/security-misconfiguration-api/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4xBq73JGgboE0qkcpRXtHn/29a09c34e57981528f60a49ea0fddbaa/security_misconfig_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"2bcea8ed-fb48-4563-9c1a-10e37bbf70c6","datePublished":"2025-01-21","title":"Broken function level authorization","subtitle":"Exploiting improperly secured API functions","seoTitle":"Broken function level authorization | Tutorial and examples","cves":[],"cwes":["CWE-285"],"description":"Learn how attackers exploit improperly secured API functions and how to protect your application from these vulnerabilities.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"broken-function-level-authorization","published":true,"url":"https://learn.snyk.io/lesson/broken-function-level-authorization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2NdIxOQoDCrbafivNcUtme/3b14bae1f573179efc8ab2368ccb69b5/broken_function_level_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"eb44604a-48e2-49af-d86b-8ddc2ead52b0","datePublished":"2025-01-20","title":"Unrestricted resource consumption","subtitle":"WARNING: High frequency of upload requests detected","seoTitle":"Unrestricted resource consumption | Tutorial and examples","cves":[],"cwes":["CWE-400"],"description":"Learn about unrestricted resource consumption, how it works, and how to protect your APIs against it with code examples and mitigation techniques.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"unrestricted-resource-consumption","published":true,"url":"https://learn.snyk.io/lesson/unrestricted-resource-consumption/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/9SWVHCwI8NEqWiXQfoNht/2f6833c20a80689a54aa94e751a28799/broken_object_level_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"12cde434-5fcb-4c9c-92d0-c4040b735a77","datePublished":"2025-02-04","title":"Broken authentication","subtitle":"Preventing brute force (and more)","seoTitle":"Broken authentication | Tutorial & examples","cves":[],"cwes":["CWE-307"],"description":"Learn about broken authentication and how it can compromise an API's security. We'll explore how attackers exploit these vulnerabilities and mitigation strategies.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","php","golang"],"rules":[],"slug":"broken-authentication","published":true,"url":"https://learn.snyk.io/lesson/broken-authentication/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4M2rVIUCh64KV7AffyBAz9/0ce86e53f2e227da2ce09f8617e32f25/broken_auth_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"215947a8-d678-50aa-56e0-270c983b4c48","datePublished":"2025-01-07","title":"Broken object level authorization","subtitle":"Failing to enforce proper permissions","seoTitle":"What is broken object level authorization? | Tutorial & examples","cves":[],"cwes":["CWE-639"],"description":"Learn about broken object level authorization and how APIs tend to expose endpoints. We'll look at examples and mitigations of this vulnerability.","ecosystem":"javascript","ecosystems":["javascript","python","java","csharp","golang","php"],"rules":[],"slug":"broken-object-level-authorization","published":true,"url":"https://learn.snyk.io/lesson/broken-object-level-authorization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5cZg4eHNM7asSjZXtqUNqK/77d65e13513f51706ad5e0236d193aab/bola_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1f599cc7-cd1f-4d3a-5e70-a5e6e4641998","datePublished":"2024-04-29","title":"Snyk AppRisk - Secrets detection coverage with Nightfall AI","subtitle":"Product training","seoKeywords":["Nightfall","Secrets Detection","Secrets","Snyk AppRisk"],"seoTitle":"Snyk AppRisk - Secrets detection coverage with Nightfall AI | Snyk Training","cves":[],"cwes":[],"description":"Learn how to configure Snyk AppRisk with Nightfall AI and utilize the data for powerful policies, coverage validation, and reporting.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-nightfall-ai","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-nightfall-ai/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1VKrUiVwVIiPNgUokSuX8a/6d1186da7a42acc5af49397b2fa9b648/AppRisk_-_Nightfall.svg","topics":["Snyk AppRisk","Asset Management","Integrations"],"educationContentCategory":"product training"},{"lessonId":"6449297c-8f1e-49e6-eedb-aad07d111dcd","datePublished":"2024-04-29","title":"Snyk AppRisk - Secrets detection coverage with GitGuardian","subtitle":"Product training","seoKeywords":["GitGuardian","Secrets Detection","Secrets","Snyk AppRisk"],"seoTitle":"Snyk AppRisk - Secrets detection coverage with GitGuardian | Snyk Training","cves":[],"cwes":[],"description":"Learn how to configure Snyk AppRisk with GitGuardian and utilize the data for powerful policies, coverage validation, and reporting.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-gitguardian","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-gitguardian/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7GZwP369rcJ7i90JUzVmhi/82f3b933f1f100057c3bc09bb6711e80/AppRisk_-_Gitguardian.svg","topics":["Snyk AppRisk","Asset Management","Integrations"],"educationContentCategory":"product training"},{"lessonId":"ab3f6f4c-3a45-4388-32b0-5f97e24d46b6","datePublished":"2025-02-10","title":"Unsafe consumption of APIs","subtitle":"Don't always trust external data sources","seoTitle":"Unsafe consumption of APIs | Tutorial and examples","cves":[],"cwes":[],"description":"Discover how the unsafe consumption of APIs can lead to security breaches and learn the best practices for API security.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"unsafe-consumption-api","published":true,"url":"https://learn.snyk.io/lesson/unsafe-consumption-api/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3qiu0PZaTLjZrE4Oajlhc7/f747297996d36c8e25e0b7485ec7f71f/Unsafe_consumption_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0919a399-328e-4e56-1e9a-e483dea63206","datePublished":"2025-02-12","title":"ServiceNow - Vulnerability assignment rules","subtitle":"ServiceNow Workflows","seoKeywords":["ServiceNow","Snyk","Vulnerability"],"seoTitle":"ServiceNow - Vulnerability assignment rules | Product Training","cves":[],"cwes":[],"description":"Learn how to create vulnerability assignment rules for ServiceNow","ecosystem":"general","ecosystems":[],"rules":[],"slug":"service-now-vulnerability-assignment-rules","published":true,"url":"https://learn.snyk.io/lesson/service-now-vulnerability-assignment-rules/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ZdWVHWp9uRj9b4S53wVvk/3ccf71b1b150523a22e2f1da7f97957d/AppRisk_-_Servicenow.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"82b2a607-46e7-5440-ec9f-0f9ce1a0e475","datePublished":"2023-10-16","title":"Using Issue Analytics (Tenant->Analytics->Issues)","subtitle":"An enterprise plan feature","seoKeywords":["analytics"],"seoTitle":"Using Issue Analytics | Snyk Training","cves":[],"cwes":[],"description":"This lesson will provide an overview of a feature for Issue Analytics available for enterprise customers.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"using-issue-analytics","published":true,"url":"https://learn.snyk.io/lesson/using-issue-analytics/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/eDBUjcIh7lSOxQfUpK62P/c2972f8fd1b908e039fd344af7880343/Enterprise_Analytics.svg","topics":["Reporting","Analytics","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"b0e71b34-889c-4b4a-8b1f-0daf3ea3c60d","datePublished":"2024-05-01","title":"Snyk AppRisk - Using Application Analytics (Tenant->Analytics->Applications)","subtitle":"Product training","seoKeywords":["Snyk AppRisk","Analytics"],"seoTitle":"Snyk AppRisk - Using Application Analytics (Tenant->Analytics->Applications) | Snyk Training","cves":[],"cwes":[],"description":"Snyk AppRisk Application Analytics helps organizations understand coverage, potential gaps and trends across the applications they own. This lesson provides an overview.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-application-analytics","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-application-analytics/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6XyrpS3XcRAzhiRFNPT6rL/1e5028247c20a90fa16eef1489eaa852/AppRisk_-_Analytics.svg","topics":["Reporting","Analytics","Snyk AppRisk"],"educationContentCategory":"product training"},{"lessonId":"a966fb0f-bb22-4b42-04f4-03025a30e4b8","datePublished":"2025-01-26","title":"Prioritizing issues with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Issues","Priorization","Insights","Snyk AppRisk","Snyk Essentials"],"seoTitle":"Prioritizing Issues (Issues and Issue Insights) | Snyk Training","cves":[],"cwes":[],"description":"Using Issues (Snyk Enterprise Plan) and Issue Insights (Snyk AppRisk) to review and prioritize issues.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"issue-prioritization","published":true,"url":"https://learn.snyk.io/lesson/issue-prioritization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk Essentials","Enterprise","Snyk AppRisk","Issues","Asset Management"],"educationContentCategory":"product training"},{"lessonId":"5fedf3f1-b059-449e-9950-3e2c7bccce80","datePublished":"2021-09-15","author":"Krzysztof Huszcza","title":"Cross-site scripting (XSS)","subtitle":"Executing untrusted code in a trusted context.","seoKeywords":["cross-site scripting"],"seoTitle":"What is cross-site scripting (XSS)? | Tutorial & examples","cves":[],"cwes":["CWE-83","CWE-82","CWE-81","CWE-79","CWE-80"],"description":"Learn about XSS and how to protect your code from various cross-site scripting (XSS) attacks.","ecosystem":"javascript","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"xss","published":true,"url":"https://learn.snyk.io/lesson/xss/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5YDiQbdoZg2kM4Fw575uj1/373d73f2bfa32c9c45d437ea8b8d0b68/XSS.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"74770172-4051-52ac-3ea3-6c8a340acd97","datePublished":"2024-04-29","title":"Snyk Essentials - Application context with Backstage software catalog","subtitle":"Product training","seoKeywords":["Snyk AppRisk","Backstage","Snyk Essentials"],"seoTitle":"Snyk Essentials - Application context with Backstage software catalog | Snyk Training","cves":[],"cwes":[],"description":"This lesson provides a quick overview of the configuration and where application context can be leveraged across Snyk.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-essentials-backstage-software-catalog-application-context","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-backstage-software-catalog-application-context/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk Essentials","Snyk AppRisk","Enterprise","Asset Management"],"educationContentCategory":"product training"},{"lessonId":"e0d65c9d-2b6d-51c2-12ce-eb93060d9e54","datePublished":"2024-09-09","title":"Snyk Essentials - Application context with ServiceNow® CMDB","subtitle":"Product Training","seoKeywords":["ServiceNow CMDB","Snyk Essentials","Snyk AppRisk"],"seoTitle":"Snyk Essentials - Application context with ServiceNow® CMDB | Snyk Training","cves":[],"cwes":[],"description":"This lesson provides a quick overview of the configuration and where application context can be leveraged across Snyk.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-essentials-servicenow-cmdb-application-context","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-servicenow-cmdb-application-context/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ZdWVHWp9uRj9b4S53wVvk/3ccf71b1b150523a22e2f1da7f97957d/AppRisk_-_Servicenow.svg","topics":["Snyk AppRisk","Integrations","Asset Management","Snyk Essentials"],"educationContentCategory":"product training"},{"lessonId":"824927c0-1bad-4c06-a6d3-ae6324e3afd7","datePublished":"2024-08-19","title":"Model theft","subtitle":"Protecting a valuable asset","seoTitle":"What is model theft? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn about model theft (LLM10) in the OWASP Top 10 for LLM applications. We'll look at what it is and how to mitigate it.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"model-theft-llm","published":true,"url":"https://learn.snyk.io/lesson/model-theft-llm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2eR570QfnjsqXJk39BeSSe/36a73fde509e02331b6c7fa95ccba090/supply-chain-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"af794526-aa3b-476b-9d20-6806ea87f0b6","datePublished":"2025-01-28","title":"Unrestricted access to sensitive business flows","subtitle":"Going, going, gone!","seoTitle":"Unrestricted access to sensitive business flows | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how to identify and secure sensitive business flows in your APIs. Walk through examples of code to see this vulnerability in action.","ecosystem":"python","ecosystems":["python","javascript","java","csharp","golang","php"],"rules":[],"slug":"unrestricted-access-to-sensitive-business-flows","published":true,"url":"https://learn.snyk.io/lesson/unrestricted-access-to-sensitive-business-flows/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/rrCN6QRynvvuB7pZNsZHE/3f5d34a23f9f89f14b4291efd0b4d2a8/Unrestricted_access_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"6a6dfe46-5d86-4acf-8430-50a35d5dd6e9","datePublished":"2021-09-10","author":"Krzysztof Huszcza","title":"Prototype pollution","subtitle":"Exposing the default prototype by calling unsafe recursive functions with untrusted data as input","seoKeywords":["prototype pollution"],"seoTitle":"What is prototype pollution? | Tutorial & examples","cves":[],"cwes":["CWE-1321"],"description":"Learn what JavaScript prototype pollution is and how to prevent it.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"prototype-pollution","published":true,"url":"https://learn.snyk.io/lesson/prototype-pollution/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5VUry3Yv8gRAXJzS1jZYlR/a3cf3e269c601baffa4668b0a456d775/Prototype_pollution.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"33372a3d-eedc-498a-c3b6-76185b47b0aa","datePublished":"2023-01-03","author":"Luke Stephens","title":"Insecure Randomness","subtitle":"Not all randomness is created equally","seoKeywords":["insecure randomness","randomness"],"seoTitle":"What is insecure randomness? | Tutorial & examples","cves":[],"cwes":["CWE-1344","CWE-330","CWE-331","CWE-335","CWE-338","CWE-1241"],"description":"Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insecure-randomness","published":true,"url":"https://learn.snyk.io/lesson/insecure-randomness/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7jJGsgWfggQ6qp8qTSdXKx/01a180f1bc1c4ebd154b04043e73224d/Randomness.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"9803d61b-51cf-4afe-4080-35a5b08b0eaf","datePublished":"2022-09-22","author":"Michael Biocchi","title":"Insecure hash","subtitle":"Using strong hashes to store passwords","seoTitle":"What is an insecure hash? | Tutorial & examples","cves":[],"cwes":["CWE-916","CWE-816","CWE-759","CWE-310","CWE-326","CWE-327","CWE-328"],"description":"Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization","ecosystem":"javascript","ecosystems":["javascript","python","csharp","golang","php","cpp","java"],"rules":[],"slug":"insecure-hash","published":true,"url":"https://learn.snyk.io/lesson/insecure-hash/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/BC2wtjpCyiKgSsTzg1aJ0/d7244a4e787f0d0d6802f4cb811e7587/Insecure_hash.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"a1bc4726-19b8-49ea-ec60-8aaa85ba492b","datePublished":"2022-02-18","author":"Edgar Kussberg","title":"Open redirect","subtitle":"Improper validation of front-end provided redirect links","seoKeywords":["Open redirect vulnerability fix","Malicious redirects","Open redirect vulnerability","Unvalidated redirects and forwards","Open redirection vulnerability","Redirect attack","Open redirect"],"seoTitle":"Open redirect vulnerability | Tutorials & examples","cves":["CVE-2022-27256","CVE-2022-29214","CVE-2022-2250","CVE-2022-33146"],"cwes":["CWE-601"],"description":"Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.","ecosystem":"javascript","ecosystems":["php","golang","csharp","java","javascript","python"],"rules":[],"slug":"open-redirect","published":true,"url":"https://learn.snyk.io/lesson/open-redirect/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/Rm6D12c4VPNUOStmxzwuf/d75d5ef7922539ed9dd0920395aef9c6/Open_redirect.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ca8347b3-370f-4ea6-06d9-57916e65ef9d","datePublished":"2024-04-23","title":"Snyk AppRisk Pro - Issue Insights Overview","subtitle":"Product training","seoTitle":"Snyk AppRisk Pro - Issue Insights Overview | Snyk Training","cves":[],"cwes":[],"description":"Overview on requirements for setup and usage of Snyk AppRisk Pro's Insights feature.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-insights-overview","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-insights-overview/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2NcsYuthi2tlU9pdWjAnMH/3b3a2cf1dee4c1cb9655de56a5761622/AppRisk_-_Insights.svg","topics":[],"educationContentCategory":"product training"},{"lessonId":"4ca2f164-e446-4b20-dd32-f80e3cb792e7","datePublished":"2023-12-12","title":"Snyk AppRisk Essentials","subtitle":"Product training","seoTitle":"Snyk AppRisk Essentials | Snyk Training","cves":[],"cwes":[],"description":"A brief overview of Application Security Posture Management (ASPM), followed by deep training on Snyk Apprisk Essentials setup and usage.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-essentials","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-essentials/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":[],"educationContentCategory":"product training"},{"lessonId":"8e1a8dc1-2a05-4eb1-c870-57564e96717c","datePublished":"2025-01-26","title":"Integrations for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Snyk Essentials","Snyk AppRisk","Asset Management","Integrations"],"seoTitle":"Integrations for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"In this lesson you will learn the core capabilities and initial integrations with Snyk Essentials and additional capabilities introduced with the purchase of Snyk AppRisk","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-integrations","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-integrations/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk Essentials","Snyk AppRisk","Enterprise","Asset Management"],"educationContentCategory":"product training"},{"lessonId":"0932c3cf-0358-496f-b613-4ed8d8fe52a3","datePublished":"2025-01-26","title":"Reviewing Inventory for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Asset Management","Snyk Essentials","Snyk AppRisk","Inventory"],"seoTitle":"Reviewing Inventory for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"The Inventory provides a central, filterable view of all the detected assets, their control coverage, and essential metadata.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-inventory","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-inventory/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk AppRisk","Snyk Essentials","Asset Management","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"f5bd9135-472e-4b48-a066-befa664b2988","datePublished":"2025-01-26","title":"Asset Dashboard report for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Asset Management","Snyk Essentials","Snyk AppRisk","Asset Dashboard"],"seoTitle":"Asset Dashboard report for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"Snyk Enterprise and Snyk AppRisk customers have access to an asset report providing coverage details , asset information, and application context availability.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-asset-dashboard","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-asset-dashboard/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Asset Management","Snyk Essentials","Snyk AppRisk","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"bdd387c0-5653-4b7f-6cb6-98d89b0d4a11","datePublished":"2025-01-26","title":"Policies for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Snyk Essentials","Snyk AppRisk","Asset Management","Policies"],"seoTitle":"Policies for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"In this lesson you will learn the core policy capabilities with Snyk Essentials and additional capabilities introduced with the purchase of Snyk AppRisk","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-policies","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-policies/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Asset Management","Snyk AppRisk","Snyk Essentials","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"2520a38d-83c2-46bd-dd77-eb7401391e95","datePublished":"2022-09-12","title":"Regular expression denial of service (ReDoS)","subtitle":"Protecting your application from malicious regular expressions","seoKeywords":["redos attack","evil regex","regular expression denial of service\t","regex denial of service\t","regex ddos\t","redos vulnerability\t","What is redos"],"seoTitle":"ReDoS | Tutorial & Examples","cves":["CVE-2021-3777","CVE-2022-36034","CVE-2022-31781","CVE-2022-31147","CVE-2022-29169","CVE-2022-25887"],"cwes":["CWE-1333","CWE-185","CWE-400"],"description":"Learn what ReDos is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"redos","published":true,"url":"https://learn.snyk.io/lesson/redos/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/G2yqZdq9epordbCaSKuGW/c12cc2ef5ce8cffe9151cc2c871d9166/reDOS.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"4eb86c8f-c28f-4a1b-6801-4e3041c26ed8","datePublished":"2025-01-26","title":"Overview of Snyk Essentials and Snyk AppRisk for asset management and discovery","subtitle":"Product Training","seoKeywords":["Snyk Essentials","AppRisk","Asset Management"],"seoTitle":"Overview of Snyk Essentials and Snyk AppRisk for asset management and discovery | Snyk Training","cves":[],"cwes":[],"description":"Snyk Essentials, an overview of asset management and discovery for Snyk Enterprise customers, and capabilities introduced with the additional purchase of Snyk AppRisk","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-overview","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-overview/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":["Asset Management","Snyk AppRisk","Snyk Essentials","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"e48bc362-74ea-58bb-a97d-7a5af2597bbc","datePublished":"2025-01-26","title":"Snyk Essentials and AppRisk terminology for asset management and discovery","subtitle":"Terminology related to asset management and discovery","seoKeywords":["Asset Management","Snyk Essentials","Snyk AppRisk","Terminology"],"seoTitle":"Snyk Essentials and Snyk AppRisk terminology for asset management and discovery | Snyk Training","cves":[],"cwes":[],"description":"The following terminology is used by Snyk Essentials and Snyk AppRisk for asset management and discovery related features.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-terminology","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-terminology/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk AppRisk","Snyk Essentials","Asset Management","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"83bc3aa6-df84-478c-8b46-f8499a60129f","datePublished":"2025-01-17","title":"Broken object property level authorization","subtitle":"Failing to enforce access control","seoTitle":"Broken object property level authorization | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how API misconfigurations can expose sensitive object properties, leading to unauthorized access or manipulation.","ecosystem":"python","ecosystems":["python","java","javascript","csharp","golang","php"],"rules":[],"slug":"broken-object-property-level-authorization","published":true,"url":"https://learn.snyk.io/lesson/broken-object-property-level-authorization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4hyMvzrMjtewMy9sdT4GJP/5b8563b77e17745e178d491411cb06ae/broken_object_level_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0f4eca75-f160-43f7-ade0-83ca2e1376e9","datePublished":"2023-04-14","author":"Ruben Bos","title":"Memory leaks","subtitle":"Your code might run now, but will it in the future?","seoKeywords":["Memory leaks","how to fix memory leaks"],"seoTitle":"What are memory leaks? | Tutorial & examples","cves":[],"cwes":["CWE-401"],"description":"Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","golang","python","php","java","csharp","cpp"],"rules":[],"slug":"memory-leaks","published":true,"url":"https://learn.snyk.io/lesson/memory-leaks/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7fK1Lch8WYrJTgAEybW0S2/0e2144fca02b433ba5db4f679700d1b9/Memory_leaks.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5b33ca5c-6cbf-4879-553b-ed9f98277d71","datePublished":"2024-12-19","title":"Race condition","subtitle":"Also known as: concurrent execution using shared resource with improper synchronization","seoTitle":"What is a race condition? | Tutorial & examples","cves":[],"cwes":["CWE-362"],"description":"Learn about race conditions and the dangers of concurrency! We'll look at how to mitigate and remediate this vulnerability with real-world examples. ","ecosystem":"python","ecosystems":["python","java"],"rules":[],"slug":"race-condition","published":true,"url":"https://learn.snyk.io/lesson/race-condition/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1ZHKbycUrMUnHqnpvUNJBi/c2def9127e55e4a94da525bcb6106681/Race_condition.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1cb11a43-cd36-4dcb-1310-17f1815eaf91","datePublished":"2023-02-01","author":"Luke Stephens","title":"XPath injection","subtitle":"Construct XPath queries to guard against malicious input","seoKeywords":["xpath injection","xpath injection payload","xpath injection attack","xpath examples"],"seoTitle":"What is an XPath injection? | Tutorial & examples","cves":[],"cwes":["CWE-643"],"description":"Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","python","golang","java","csharp"],"rules":[],"slug":"xpath-injection","published":true,"url":"https://learn.snyk.io/lesson/xpath-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/63ZImC7nZlyw2eK0CMzKl3/35a6cbc01b775a2effe2c064a6854647/XPath_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e9754de0-b3d7-4e89-bd07-53835c4dd7cf","datePublished":"2024-10-01","title":"Hidden functionality","subtitle":"One person's buried treasure is another's landmine","seoTitle":"What is hidden functionality? | Tutorial & examples","cves":[],"cwes":["CWE-912"],"description":"In this lesson, we'll examine hidden functionality and discuss how to mitigate and remediate this vulnerability with real-world examples. ","ecosystem":"python","ecosystems":["python","php","golang","javascript","java","cpp","csharp"],"rules":[],"slug":"hidden-functionality","published":true,"url":"https://learn.snyk.io/lesson/hidden-functionality/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2Q6Bh8kjcw8prEfkTAP7gC/5bcd19846918b5b8bf4d6097c410442b/Hidden_Functionality.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1524522f-b4a5-41e5-8c95-6c1d3e5c38dc","datePublished":"2023-09-12","title":"Intro to Snyk","subtitle":"Snyk interface and initial setup for first time user","seoTitle":"Intro to Snyk | Snyk Training","cves":[],"cwes":[],"description":"Learn some key concepts and tasks you'll need for integrating Snyk into your workflows including how to navigate the Snyk interface.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"intro-to-snyk","published":true,"url":"https://learn.snyk.io/lesson/intro-to-snyk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4YKN6bK1oMcpRiNOapYJwN/eaaa4bdfc01159c18159f82ae285a9b6/Introduction_to_the_Snyk_UI.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"f0ca0d2c-2fdf-52e1-a618-f2da8f6d526f","datePublished":"2023-09-15","title":"Tenants, Groups and Organizations | Snyk Training","subtitle":"Organizing your Projects and controlling access","seoKeywords":["Tenant","Snyk"],"seoTitle":"Tenants, groups and organizations | Snyk Training","cves":[],"cwes":[],"description":"Learn about the structure hierarchy within Snyk and discover considerations for planning your rganizational structure.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"groups-and-organizations","published":true,"url":"https://learn.snyk.io/lesson/groups-and-organizations/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5sH6YS0INqo4xkVP2ET8bs/f06836adc769b9962d3e9069db1871c3/Snyk_account_structure.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"ff20d776-4605-5230-5303-1bc0b85601bd","datePublished":"2024-07-10","title":"Missing encryption","subtitle":"Some things shouldn't be in plaintext","seoTitle":"What is missing encryption? | Tutorial & examples","cves":[],"cwes":["CWE-311"],"description":"Learn about encryption and the danger of not using it! We'll look at how to mitigate and remediate this vulnerability with real-world examples. ","ecosystem":"python","ecosystems":["python","php","javascript","java","golang","cpp","csharp"],"rules":[],"slug":"missing-encryption","published":true,"url":"https://learn.snyk.io/lesson/missing-encryption/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/19HVirkgQ5vLcrFncBDVfr/baa56ed7d2b7b01a4a57f5c017ea350e/Missing_encryption.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"436fc6ea-5b6a-48ac-ca94-8fd3b8b5ca43","datePublished":"2024-07-10","title":"Snyk Github Cloud App","subtitle":"A Snyk source code management integration into GitHub Cloud","seoKeywords":["GitHub","GitHub Cloud"],"seoTitle":"Snyk Github Cloud App | Snyk Training","cves":[],"cwes":[],"description":"Installation and migration instructions for Snyk Github Cloud App integration","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-github-cloud-app","published":true,"url":"https://learn.snyk.io/lesson/snyk-github-cloud-app/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/xr7nYm1YPR48nhc3sXDiv/c0613b3692e62e4805f4bbfe9ef5a455/Snyk_Github.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"600759fc-a3a4-4ce9-3cb2-3dbe41ddbf12","datePublished":"2024-12-06","title":"Session persistence after logout","subtitle":"Gone but not forgotten: a developer's guide to a secure logout","seoKeywords":["CWE-613","session persistence"],"seoTitle":"Session persistence after logout | Tutorial & Examples","cves":[],"cwes":["CWE-613"],"description":"Learn about what happens when logging out doesn't invalidate the session. We'll look at an example of this in action!","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"session-persistence","published":true,"url":"https://learn.snyk.io/lesson/session-persistence/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3j2VpLmTMTmA3LpL5gyuTx/0103594387c09a93342cce48203e235d/Session.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7a6df7c2-f8d2-54ac-f982-1207ca75d247","datePublished":"2023-01-04","author":"Luke Stephens","title":"Logging vulnerabilities","subtitle":"Logging... too much or too little?","seoKeywords":["secure logging","logging","javascript logging to file","javascript logging","javascript logging errors","logging vulnerabilities"],"seoTitle":"What are logging vulnerabilities? | Tutorial & examples","cves":[],"cwes":["CWE-117","CWE-223","CWE-532","CWE-778"],"description":"Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.","ecosystem":"javascript","ecosystems":["javascript","python","php","java","csharp","golang","cpp"],"rules":[],"slug":"logging-vulnerabilities","published":true,"url":"https://learn.snyk.io/lesson/logging-vulnerabilities/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5ys3pmaxbBwktmGZSHUhar/650192f9dcabcccb3abaf285d4a8d7ed/Security_logging_and_monitoring_failures.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f654aed0-4c94-4e83-791f-6d39630ce0ed","datePublished":"2023-03-30","author":"Luke Stephens","title":"Server-side request forgery (SSRF)","subtitle":"Unintended access to internal resources via exploited server","seoKeywords":["server-side request forgery","SSRF Vulnerabilities","SSRF Attack","http requests","web applications","XXE injection","arbitrary command execution","blind SSRF vulnerabilities","SSRF remediation"],"seoTitle":"What is SSRF (server-side request forgery)? | Tutorial & examples","cves":[],"cwes":["CWE-918"],"description":"Learn how to protect your code from server-side request forgery (SSRF) attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.","ecosystem":"javascript","ecosystems":["javascript","python","cpp"],"rules":[],"slug":"ssrf-server-side-request-forgery","published":true,"url":"https://learn.snyk.io/lesson/ssrf-server-side-request-forgery/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4eEDx2b5pq9Sg7FUBgqpNW/dc2614ef0fe3e7089bbf1518d62eaf35/SSRF.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"bb4f3cc1-fe50-4988-dee1-3e9ceb9599ec","datePublished":"2024-11-11","title":"What is PCI DSS?","subtitle":"The Payment Card Industry Data Security Standard","seoKeywords":["PCI DSS","The Payment Card Industry Data Security Standard"],"seoTitle":"What is PCI DSS? | Tutorial and examples","cves":[],"cwes":[],"description":"This lesson covers PCI DSS, what it is, why it's important for developers to know, and some examples of how this applies to developers and their code.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"pci-dss","published":true,"url":"https://learn.snyk.io/lesson/pci-dss/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4l8UA8QokCZ7KZxGQ9yO4H/3be7944f4f44a5283ca01357f54d70ab/Hidden_Functionality.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ca4b8174-8bf5-4c17-9d79-04f4acfa8b5f","datePublished":"2022-10-07","author":"Thomas Malcolm","title":"Insecure design","subtitle":"Protect your applications against insecure design","seoKeywords":["owasp insecure design","insecure design vulnerabilities","Secure Development Lifecycle","Improper Handling of Insufficient Permissions or Privileges","Improper Privilege Management","insecure design"],"seoTitle":"Insecure Design | Tutorials & Examples","cves":[],"cwes":["CWE-841","CWE-280","CWE-266","CWE-269"],"description":"Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","python","cpp","java","php","golang","csharp"],"rules":[],"slug":"insecure-design","published":true,"url":"https://learn.snyk.io/lesson/insecure-design/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/xwdRrfcbCSKEkzk8gl8NS/6a097220701af7c6c8bfda73b6c0ea29/Insecure_design.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"fbb86e1d-9d39-4eeb-e060-44980b8da076","datePublished":"2022-08-25","author":"Luke Stephens","title":"Broken access control","subtitle":"Making sure we authenticate and authorize correctly","seoKeywords":["access control","Authentication control","What is broken access control","Broken access control vulnerability","Broken access control attacks","Broken access control examples","Broken access control"],"seoTitle":"What is broken access control | Tutorial & Examples","cves":[],"cwes":["CWE-862","CWE-1344","CWE-284","CWE-287","CWE-306","CWE-276","CWE-863"],"description":"Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.","ecosystem":"javascript","ecosystems":["javascript","python","cpp","php","golang"],"rules":[],"slug":"broken-access-control","published":true,"url":"https://learn.snyk.io/lesson/broken-access-control/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6nBmhWxYrZBqClG6gUWXYd/37cbec1882e1654bd5135927a3cd36d4/Broken_access_control.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5a2a0a34-d2ec-4302-8b20-2b6210fc75d3","datePublished":"2024-10-21","title":"What is Personally Identifiable Information (PII)?","subtitle":"What is it and how do we protect it?","seoTitle":"What is Personally Identifiable Information (PII)? | Tutorials & Examples","cves":[],"cwes":[],"description":"This lesson covers PII, its importance for developers, where it's found in software, common pitfalls, and best practices for securely handling personal data.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"what-is-pii","published":true,"url":"https://learn.snyk.io/lesson/what-is-pii/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/38ygFjTIrXDguqHtMV7TAA/8f765fd6793cfff23ab09e16a9d7d949/PII.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"a64c12aa-19ad-4960-3025-d8d14f3101d3","datePublished":"2022-10-21","author":"Luke Stephens","title":"Vulnerable and outdated components","subtitle":"Your code has more dependencies than ever, but are they secure?","seoKeywords":["Vulnerable software","Vulnerable and outdated components","Outdated software"],"seoTitle":"How to Manage Vulnerable and Outdated Components | Snyk Learn","cves":[],"cwes":["CWE-1344","CWE-1104","CWE-1035","CWE-937"],"description":"A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.","ecosystem":"javascript","ecosystems":["javascript","cpp","python"],"rules":[],"slug":"vulnerable-and-outdated-components","published":true,"url":"https://learn.snyk.io/lesson/vulnerable-and-outdated-components/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3EqSiclZts8johxNx8Ryup/5f70593b281127b4b87958824b4c1c26/Vulnerable_and_outdated_components.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ecc4b01f-0aca-4b7c-6a00-2f6f039bc4e9","datePublished":"2023-02-14","author":"Ruben Bos","title":"Null dereference","subtitle":"The dangers of accessing null objects","seoKeywords":["null dereference","null pointer deference","null pointer vulnerability","null dereference vulnerability"],"seoTitle":"What is a null dereference? | Tutorial & examples","cves":[],"cwes":["CWE-476","CWE-465"],"description":"Learn about null dereference and null pointer deference. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"cpp","ecosystems":["cpp"],"rules":[],"slug":"null-dereference","published":true,"url":"https://learn.snyk.io/lesson/null-dereference/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5hyy9meZn31ETlz5ZylIni/e8713e99bf45dbee1ac0fa1be4475d20/Null_dereference.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5a5768a1-98eb-450d-1fd6-53aacbacb8da","datePublished":"2024-03-15","title":"Excessive agency","subtitle":"AI overstepping its bounds: understanding and mitigation","seoTitle":"What is excessive agency? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn about excessive agency (LLM08), in the OWASP Top 10 for LLM applications. We'll look at what it is, how it works, and how to mitigate it.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"excessive-agency","published":true,"url":"https://learn.snyk.io/lesson/excessive-agency/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4crQWHoQLW6KwWZB1O6wXl/4f23abfdebe19f624bb18f8ac8e01db8/excessive_agency.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"d56e33ae-865e-568a-1b3d-ab3e49507e8f","datePublished":"2024-04-22","title":"Denial of service","subtitle":"Bringing down and LLM with DoS","seoTitle":"What is an LLM denial of service? | Tutorial & examples","cves":[],"cwes":[],"description":"In this lesson, we'll look at how Denial of Service (DoS) attacks work, why they occur, and how to prevent them. We'll specifically be focusing on LLMs and OWAPS's LLM04.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"llm-denial-of-service","published":true,"url":"https://learn.snyk.io/lesson/llm-denial-of-service/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ZvRf95TIjO5XcPEsABadC/b398aaa8983adacea70cee2f7d658cd4/dos.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"8dbf8638-4f22-5086-c526-305a4fd4e47a","datePublished":"2024-05-06","title":"Insecure plugins for LLMs","subtitle":"External plugins bring extra functionality and extra danger","seoTitle":"What are insecure plugins in LLMs? | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how an attacker can exploit insecure plugins in LLM-based applications and compare them to similar attacks like resource exhaustion with examples.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"llm-insecure-plugins","published":true,"url":"https://learn.snyk.io/lesson/llm-insecure-plugins/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2jevQDbNYmlUJuus6rbjaM/8c3968cc60e8e0c6c2ae171260f4e4ea/insecure-plugins.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"daf32036-ef2e-5958-bd23-b1e4d79844f0","datePublished":"2024-02-15","title":"Prompt injection","subtitle":"AI manipulation tactics: understanding and mitigation","seoTitle":"What is prompt injection? | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about prompt injection or LLM01, in the OWASP Top 10 for LLM applications. We'll look at prompt injection, how it works, and how to mitigate it.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"prompt-injection","published":true,"url":"https://learn.snyk.io/lesson/prompt-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2c6X0kUEBVES7qF06wyHNO/71a5db3945f06cfa1d0928ccdf234e50/prompt_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"dab0c0fa-b0c0-55b0-530f-9d689119544b","datePublished":"2024-05-24","title":"Overreliance on LLMs","subtitle":"Dealing with incorrect or inappropriate content generated by LLMs","seoTitle":"What is overreliance on LLMs? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how you can introduce vulnerabilities into your code by overreliance on LLMs. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"overreliance-on-llms","published":true,"url":"https://learn.snyk.io/lesson/overreliance-on-llms/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2jrHtTup0JHkQ6elwqnroO/48be3f29e147fbf41550ba0f7326d431/overreliance-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0e893170-7845-4597-4db2-5af106440b55","datePublished":"2024-06-07","title":"Insecure output handling in LLMs","subtitle":"Even your LLMs need to sanitize data!","seoTitle":"Insecure output handling in LLMs | Tutorials & Examples","cves":[],"cwes":[],"description":"Learn how your LLM can create vulnerabilities by not sanitizing data and creating insecure output. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"insecure-input-handling","published":true,"url":"https://learn.snyk.io/lesson/insecure-input-handling/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5tTUj9UtYedv4onsqMuGSo/9bcd7b2ffb404b11e44bf14466fbb8d4/output-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"c9ff4270-c527-4d10-0b47-6991ccfc023a","datePublished":"2024-06-25","title":"Sensitive information disclosure in LLMs","subtitle":"Can your LLM keep a secret?","seoTitle":"What is sensitive information disclosure in LLMs? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how your LLM might give away too much data, including sensitive information. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"sensitive-information-disclosure-llm","published":true,"url":"https://learn.snyk.io/lesson/sensitive-information-disclosure-llm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1jpYPV3FAIBUlDGyXZTeXn/80169d9b94201ae78f59a9a2451fc88d/sensitive-info-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ef1a72bf-6de5-501b-aace-e39d970e9d0b","datePublished":"2024-07-22","title":"Training data poisoning","subtitle":"Is the data in your dataset correct? ","seoTitle":"What is training data poisoning? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how your LLM can become insecure and unreliable with training data poisoning. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"training-data-poisoning","published":true,"url":"https://learn.snyk.io/lesson/training-data-poisoning/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6LKlXUmRZbsm1RI5DVkJh7/7c0f07537979bb83a794cf9d06fe46ec/training-data-poisoning-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f7eea628-0ba4-5475-400c-f6392e408e38","datePublished":"2024-08-13","title":"Supply chain vulnerabilities","subtitle":"When a trusted third party becomes untrustworthy","seoTitle":"What are supply chain vulnerabilities in LLMs? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how your LLM can become vulnerable due to threats within the supply chain. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"supply-chain-vulnerabilities-llm","published":true,"url":"https://learn.snyk.io/lesson/supply-chain-vulnerabilities-llm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1ffYhZsTYSfTTD36Uyz7jW/bb35aca0d7fee0d8a9e74d651689a1a6/supply-chain-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f39d9231-6cb2-512b-bdca-dea8be7b587d","datePublished":"2024-07-29","title":"Security Analytics with Snowflake","subtitle":"An introduction to performing analytics with Snowflake","seoKeywords":["Snyk","Snowflake","analytics","reports"],"seoTitle":"Security Analytics with Snowflake","cves":[],"cwes":[],"description":"Unlocking powerful new analytical tools to better understand and visualize Snyk data with your data in Snowflake","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"security-analytics-with-snowflake","published":true,"url":"https://learn.snyk.io/lesson/security-analytics-with-snowflake/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":["Analytics","Integrations","Reporting"],"educationContentCategory":"product training"},{"lessonId":"0976bce6-4529-4079-d0c2-3ec0a17833ac","datePublished":"2023-09-26","title":"Using Snyk with CI/CD","subtitle":"Three different use cases for using Snyk with CI/CD","seoTitle":"Using Snyk with CI/CD | Snyk Training","cves":[],"cwes":[],"description":"Learn why to use Snyk in a CI/CD pipeline, different ways of deployment, and three different use cases for using Snyk with CI/CD.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"using-snyk-with-ci-cd","published":true,"url":"https://learn.snyk.io/lesson/using-snyk-with-ci-cd/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2GAedypbAnsKbUdVqouKYh/b8fc9ee79b3245091ad0da00feb70237/CD.svg","topics":["CI/CD"],"educationContentCategory":"product training"},{"lessonId":"3a1226d9-79e2-4f2c-b3b9-c811a301d558","datePublished":"2023-09-18","title":"Opening a Jira issue","subtitle":"Initiate a Jira issue from Snyk","seoTitle":"Opening a Jira issue | Snyk Training","cves":[],"cwes":[],"description":"Learn to initiate a Jira issue for an issue right from the Snyk Web UI.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"jira-issue","published":true,"url":"https://learn.snyk.io/lesson/jira-issue/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1Zi4gBzwxeMQuRBEHQNGQJ/9ab7fa64555c57ee45d24aab5146f4d5/Open_Jira_issue.svg","topics":["Issues"],"educationContentCategory":"product training"},{"lessonId":"b9ae4e27-5f73-4e57-d08a-f9744390a122","datePublished":"2023-09-18","title":"Configuring notifications","subtitle":"Send alerts, change settings, set defaults","seoTitle":"Configuring notifications | Snyk Training","cves":[],"cwes":[],"description":"Prepare for developer adoption of Snyk by setting appropriate notification defaults for new organizations created and new projects imported.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"configuring-notifications","published":true,"url":"https://learn.snyk.io/lesson/configuring-notifications/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4YN4VG2Uhv9nq8JytQyfmb/9227d51afd04d6e747d23d119ca3e72d/Notifications.svg","topics":["Notifications"],"educationContentCategory":"product training"},{"lessonId":"8394297f-e86c-50ac-3dd9-83da245b1553","datePublished":"2023-09-19","title":"Integrating Snyk at your company","subtitle":"Snyk across the SDLC","seoTitle":"Integrating Snyk at your company | Snyk Training","cves":[],"cwes":[],"description":"Consider how you want to adopt Snyk across your SDLC and learn about the Snyk Developer Adoption Model to determine where you are in your security journey.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"integrate-snyk-at-your-company","published":true,"url":"https://learn.snyk.io/lesson/integrate-snyk-at-your-company/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1SGM19Yonc38lpiHs4e7Ii/055b18854e818b4a0e1bb3253fab6a35/Ways_to_integrate_Snyk_at_your_company.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"a0ed85b5-a5ba-4647-6ba4-9776782acaf5","datePublished":"2023-09-19","title":"Intro to Snyk for developers","subtitle":"Perform security tests and understand the results","seoTitle":"Intro to Snyk for developers | Snyk Training","cves":[],"cwes":[],"description":"Learn about how Snyk can help you develop securely, including how to find and fix issues with the Snyk IDE plugin and in the Snyk CLI.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-for-developers","published":true,"url":"https://learn.snyk.io/lesson/snyk-for-developers/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/bh2H1IP8bSwAqaFxemrfW/77e58bf62ad5146cb073985f33d28756/Intro_to_Snyk_for_Developers.svg","topics":["Security knowledge","Issues"],"educationContentCategory":"product training"},{"lessonId":"846e5eb4-eb14-5344-0ba3-3e457be6394d","datePublished":"2023-09-25","title":"Security policy management","subtitle":"Automate how you identify certain issues","seoTitle":"Security policy management | Snyk Training","cves":[],"cwes":[],"description":"Learn to define the conditions and actions for new security policies and apply them based on attributes or Organizations.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"security-policy-management","published":true,"url":"https://learn.snyk.io/lesson/security-policy-management/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/17bQY4f2GS8Tr8SlCULla6/126c65d18a1137f1b44df646b4c365b8/Introduction_to_Security_Policies.svg","topics":["Enterprise","Issues","Policies"],"educationContentCategory":"product training"},{"lessonId":"bbef0989-51bb-506a-ea5b-c8253754b4bc","datePublished":"2023-09-26","title":"Snyk Reports","subtitle":"Getting the most out of Snyk Reports","seoTitle":"Snyk Reports | Training","cves":[],"cwes":[],"description":"Learn how development and security teams can use Snyk reports for prioritization, responsibility, and accountability.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-reports","published":true,"url":"https://learn.snyk.io/lesson/snyk-reports/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5Q5VHb3df4uIn2nqogNkw8/9a54be51a61dadfdf5299db62a988844/Using_Snyk_Reports.svg","topics":["Issues","Reporting"],"educationContentCategory":"product training"},{"lessonId":"8e525046-5550-4d70-7b01-c0e85c12b983","datePublished":"2023-09-12","title":"Ignoring issues","subtitle":"Prioritize and deprioritize issues","seoTitle":"Ignoring issues | Snyk Training","cves":[],"cwes":[],"description":"In this training lesson, learn to ignore issues in the Snyk UI as a prioritization strategy.\n","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"ignoring-issues","published":true,"url":"https://learn.snyk.io/lesson/ignoring-issues/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7FnFZj32prmgCkx0rBd9JK/9fa223684186cacd5f6d86dc2838d33c/Ignore_issues_in_Snyk_UI.svg","topics":["UI","Issues"],"educationContentCategory":"product training"},{"lessonId":"c7574b9f-0847-55a2-d220-4b3756f6c4bd","datePublished":"2023-09-13","title":"Finding source code issues","subtitle":"Using Snyk Code in your Git Code Repositories","seoTitle":"Finding source code issues | Snyk Training","cves":[],"cwes":[],"description":"Learn to use the Snyk Web UI to find code issues. Take a closer look at the Projects page and the Issue card for code Projects and issues.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"finding-source-code-issues","published":true,"url":"https://learn.snyk.io/lesson/finding-source-code-issues/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/39gsymitlRJsPjhiVWNqUb/ebbdab8cfc311ca45db0709c4f6bf419/Find_code_issues.svg","topics":["Snyk Code","Issues"],"educationContentCategory":"product training"},{"lessonId":"bd843100-b99c-466f-515d-aedaeb9406ea","datePublished":"2023-09-18","title":"Roles and permissions in enterprise","subtitle":"Members, permission, and more","seoTitle":"Roles and permissions in enterprise | Snyk Training","cves":[],"cwes":[],"description":"Learn to invite members to your Organization and set the permissions on who can ignore issues.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"roles-and-permissions-in-enterprise","published":true,"url":"https://learn.snyk.io/lesson/roles-and-permissions-in-enterprise/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3wPYwiE4OQK7kvboCw7znA/563506f8d7d77656cc075f9a22ff9358/Members_and_Permissions.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"ec0cb53f-11aa-4c03-c1c3-588b149a806e","datePublished":"2023-09-18","title":"Importing a Project","subtitle":"Strategies for importing a project","seoTitle":"Importing a Project | Snyk Training","cves":[],"cwes":[],"description":"Learn how Snyk identifies a project. You'll also learn different ways to import projects and understand considerations for importing projects in bulk.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"importing-a-project","published":true,"url":"https://learn.snyk.io/lesson/importing-a-project/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6vdx6f0j8EL8wjcRLX8ws5/058032dda89ae175b0f9d5ccbe887141/Project_import_strategies.svg","topics":["Project imports"],"educationContentCategory":"product training"},{"lessonId":"c48d1a39-8760-4e5f-d581-206e9d367dc4","datePublished":"2023-09-15","title":"Snyk CLI and Snyk Open Source","subtitle":"Install and authenticate the CLI","seoTitle":"Snyk CLI and Snyk Open Source | Snyk Training","cves":[],"cwes":[],"description":"Learn to authenticate the local CLI to your Snyk account. You'll also learn how to review results for Snyk test and Snyk monitor commands.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-cli","published":true,"url":"https://learn.snyk.io/lesson/snyk-cli/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4fS7VlU1hub37JL2s6ibzR/18583cf9dd95267010a538c86397145c/Introduction_to_Snyk_CLI.svg","topics":["Snyk Open Source"],"educationContentCategory":"product training"},{"lessonId":"8b0e05c1-4ce5-4c41-32d2-3075ac6ceb83","datePublished":"2023-09-15","title":"Snyk implementation kickoff","subtitle":"Getting started, all in one video","seoTitle":"Snyk implementation kickoff | Snyk Training","cves":[],"cwes":[],"description":"Learn the best practices for preparing to roll out Snyk to your teams, including a Snyk overview, rollout considerations, the maturity of your security program, and more.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-implementation-kickoff","published":true,"url":"https://learn.snyk.io/lesson/snyk-implementation-kickoff/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6Pc1qjeNxHZENj1VXTJ0Hv/f7ea132b5bf3f2685a7836c1cb036661/Snyk_Implementation_Kickoff.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"53ee635e-9b36-456a-9328-290b2aa7896a","datePublished":"2023-09-13","title":"Intro to Snyk UI","subtitle":"Welcome to the Snyk UI","seoTitle":"Intro to Snyk UI | Snyk Training","cves":[],"cwes":[],"description":"Learn to use Snyk to find, prioritize, and fix issues for Open Source, Code, Container, and IaC files.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"intro-to-snyk-ui","published":true,"url":"https://learn.snyk.io/lesson/intro-to-snyk-ui/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3osKqb28iRKqzO1pfHeoTC/5ca89da5bd22db5b12f67ebf283a1706/Introduction_to_the_Snyk_UI.svg","topics":["UI"],"educationContentCategory":"product training"},{"lessonId":"092a66d9-c5c8-4b77-9855-49e6183bdb14","datePublished":"2023-09-29","title":"Intro to Snyk for administrators","subtitle":"Configure key settings in Snyk","seoTitle":"Intro to Snyk for administrators | Snyk Training","cves":[],"cwes":[],"description":"Learn the best practices for configuring your Snyk Organization to align your integration settings with your security maturity and manage aspects of your Organization.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-for-administrators","published":true,"url":"https://learn.snyk.io/lesson/snyk-for-administrators/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2YBEsl4r9nWeVeI4Z5OCdG/c828935a3bc1bf7a2c11ae00231d3806/Intro_to_Snyk_for_Administrators.svg","topics":["Admin"],"educationContentCategory":"product training"},{"lessonId":"4963cdf2-dc45-4901-7a70-d91ae0a78785","datePublished":"2023-09-28","title":"Configuring Snyk with your source control manager","subtitle":"Integrations and automations","seoTitle":"Configuring Snyk with your source control manager | Snyk Training","cves":[],"cwes":[],"description":"Learn to configure an example source code manager integration to make the best use of automations for your stage of the Snyk Developer Adoption model.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"configure-snyk-scm","published":true,"url":"https://learn.snyk.io/lesson/configure-snyk-scm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/VB3xULgcm0yT5mGYyTrvU/d8ef6a67e9d304537d2e5604ea7bc3f7/Source_Code_Manager_Configurations.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"88f2507c-75cf-4de3-1bbf-5156f71a7e0a","datePublished":"2023-09-28","title":"Creating custom rules for Snyk Code","subtitle":"Rules, queries, and policies","seoTitle":"Creating custom rules for Snyk Code | Snyk Training","cves":[],"cwes":[],"description":"Learn about how to use Snyk Code custom rules and get a high-level overview of the custom editor for Snyk Code and its capabilities.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"custom-rules-for-snyk-code","published":true,"url":"https://learn.snyk.io/lesson/custom-rules-for-snyk-code/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4GM2r47uSze1so5vk7CeoH/df9a9179d9e70bddbecc0ba7b394a151/Snyk_Code_Custom_Rules.svg","topics":["Snyk Code","Issues"],"educationContentCategory":"product training"},{"lessonId":"1480d2fa-5a82-4b3a-923d-517f8a69977b","datePublished":"2023-09-28","title":"Fixing open source vulnerabilities","subtitle":"Fixing all those pesky issues","seoTitle":"Fixing open source vulnerabilities | Snyk Training","cves":[],"cwes":[],"description":"In this training lesson, learn to open a fix PR from the Snyk Web UI if your language/package manager supports it.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"fixing-issues","published":true,"url":"https://learn.snyk.io/lesson/fixing-issues/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/46uprjwhytZ1VW831CUar4/2f15aae7c83033c3860e216388b937b3/Fix_Issues.svg","topics":["Issues"],"educationContentCategory":"product training"},{"lessonId":"f16e894b-8548-578f-9ace-7af3e9697e70","datePublished":"2023-09-29","title":"CircleCI Implementation","subtitle":"Add Snyk scanning to your build pipeline","seoTitle":"CircleCI Implementation | Snyk Training","cves":[],"cwes":[],"description":"This session gives a quick walkthrough on how to add Snyk scanning into your build pipeline using the Snyk Orb in CircleCI.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"circleci-implementation","published":true,"url":"https://learn.snyk.io/lesson/circleci-implementation/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3GWkHtTbo8n4k3QaJV7p1h/a9b1a86c9919f287bfe570ab20c767e4/Implement_Snyk_with_CircleCI__1_.svg","topics":["CI/CD","CircleCI"],"educationContentCategory":"product training"},{"lessonId":"ab536968-4827-5052-17a7-a7d4cc3de49e","datePublished":"2023-09-29","title":"Integrating and using Snyk with CircleCI","subtitle":"Learn about orbs, tokens, and scans","seoTitle":"Integrating and using Snyk with CircleCI | Snyk Training","cves":[],"cwes":[],"description":"Learn to configure and run the Snyk scan step in your CircleCI builds, including activating Snyk Orb, editing the configuration template, reviewing the results, and more","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"integrating-snyk-circleci","published":true,"url":"https://learn.snyk.io/lesson/integrating-snyk-circleci/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/rO5uKBk2dRVD95GjsCrEQ/95d2de66ab0d995f116e61c2e0ee11aa/Implement_Snyk_with_CircleCI.svg","topics":["CircleCI"],"educationContentCategory":"product training"},{"lessonId":"b7777a05-390b-4b0a-f806-094a0c529668","datePublished":"2023-09-29","title":"Open source license policy management","subtitle":"Identify if you are using packages with certain types of licenses","seoTitle":"Open source license policy management | Snyk Training","cves":[],"cwes":[],"description":"Learn to define how Snyk identifies open-source packages that use certain licenses. Include guidance for developers on addressing issues that don't meet license policy.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"license-policy-management","published":true,"url":"https://learn.snyk.io/lesson/license-policy-management/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5HQpB9HLfAuO7Tkj6rXIbZ/9081f5554767a0eb3e3acb503b6d9f92/Introduction_to_License_Policies.svg","topics":["Snyk Open Source"],"educationContentCategory":"product training"},{"lessonId":"576e1c02-8353-4897-5840-e84437793768","datePublished":"2023-09-12","title":"Creating Infrastructure as Code (IaC) custom rules","subtitle":"Learning how to create IaC custom rules","seoTitle":"Creating Infrastructure as Code (IaC) Custom Rules | Snyk Training","cves":[],"cwes":[],"description":"In this lesson, we will learn how to create a custom infrastructure as code rule using an example to ensure public EC2 instances are not used.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"iac-custom-rules","published":true,"url":"https://learn.snyk.io/lesson/iac-custom-rules/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":["IaC"],"educationContentCategory":"product training"},{"lessonId":"0537d045-fe98-451a-b95c-c00b8c9e58fc","datePublished":"2023-09-29","title":"Prioritize issues using the Snyk Web UI","subtitle":"Using filters for prioritization","seoTitle":"Prioritize issues using the Snyk Web UI | Snyk Training","cves":[],"cwes":[],"description":"Learn to use filters in the Snyk UI for prioritizing the list of issues.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"prioritize-issues-snyk","published":true,"url":"https://learn.snyk.io/lesson/prioritize-issues-snyk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1YQVikEEVyIHgeYX8kVgRq/778ceb052d51311086a5c64e269c21ca/Prioritize_issues_in_the_Snyk_Web_UI.svg","topics":["Issues"],"educationContentCategory":"product training"},{"lessonId":"a8bd2a25-3027-4f73-c024-179a66bfe3bc","datePublished":"2023-09-28","title":"Configuring Snyk with Bitbucket","subtitle":"How Default Snyk Tests on PRs work in Bitbucket","seoTitle":"Configuring Snyk with Bitbucket | Snyk Training","cves":[],"cwes":[],"description":"See how Default Snyk Tests on PRs work in Bitbucket, including the configuration for an Organization or a Project and how to review and skip blocked builds.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-with-bitbucket","published":true,"url":"https://learn.snyk.io/lesson/snyk-with-bitbucket/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1ckRWa4qYjZgpuJpjLe50U/05e8a944796767369d0175b827bb2c89/Use_Snyk_to_block_builds_in_Bitbucket.svg","topics":["CI/CD"],"educationContentCategory":"product training"},{"lessonId":"3da939df-0493-4549-d3c5-1200d26bc5d7","datePublished":"2023-09-29","title":"SSO, authentication, and user provisioning","subtitle":"Provisioning new users via single sign-on (SSO)","seoTitle":"SSO, authentication, and user provisioning | Snyk Training","cves":[],"cwes":[],"description":"Learn about the options for provisioning new users via single sign-on (SSO). You'll also prepare for completing the SSO setup process.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"sso-authentication-provisioning","published":true,"url":"https://learn.snyk.io/lesson/sso-authentication-provisioning/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6BMaVSsPnmTrOkX8vfbKXQ/7299c723bb827834d1ad1d6f10462c41/SSO__authentication__and_user_provisioning.svg","topics":["Authentication"],"educationContentCategory":"product training"},{"lessonId":"afabff79-c8f2-513e-b5a1-b42e455fb5db","datePublished":"2023-09-29","title":"Secure development with Snyk","subtitle":"Secure your applications with Snyk","seoTitle":"Secure development with Snyk | Snyk Training","cves":[],"cwes":[],"description":"Learn how the Snyk Platform, Snyk Advisor, and learning platform help develop a secure application.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"secure-development-with-snyk","published":true,"url":"https://learn.snyk.io/lesson/secure-development-with-snyk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4MPNigsPIsyVptsiiQ19jO/8a33bd394f63b0e0d0120734403e9e00/Introduction_to_Secure_Development.svg","topics":["Security knowledge"],"educationContentCategory":"product training"},{"lessonId":"58b937bb-a5dc-4775-f4fc-05d22c609764","datePublished":"2023-07-31","title":"Unrestricted upload of files with dangerous types","subtitle":"File upload functionality can present a huge risk to your application if implemented incorrectly!","seoKeywords":["Unrestricted upload of files","Unrestricted file upload","Insufficiently restricted file uploads"],"seoTitle":"What is unrestricted file upload? | Tutorial & examples","cves":[],"cwes":["CWE-434"],"description":"Learn about the dangers of file uploads and the inefficiently restricted file uploads with dangerous types. Learn to mitigate and fix the vulnerability from experts.","ecosystem":"javascript","ecosystems":["javascript","cpp","csharp"],"rules":[],"slug":"unrestricted-file-upload","published":true,"url":"https://learn.snyk.io/lesson/unrestricted-file-upload/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5yf7zcwd02FxPJRB9DBZbL/d3f869fcdb60abb50e53c73a228a3bac/unrestricted_upload.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"6a81f9c2-f9db-4d13-7893-86ee604148c9","datePublished":"2022-11-04","author":"Luke Stephens","title":"No rate limiting","subtitle":"Stopping attackers one request at a time","seoKeywords":["Api rate limiter","No rate limiting vulnerability owasp","What flaws can lead to exposure of resources","What is rate limiting","Rate limit API","Rate limiting"],"seoTitle":"No Rate Limiting | Tutorial & Examples","cves":[],"cwes":["CWE-134","CWE-307","CWE-770"],"description":"Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.","ecosystem":"javascript","ecosystems":["python","javascript","golang","php","java","csharp"],"rules":[],"slug":"no-rate-limiting","published":true,"url":"https://learn.snyk.io/lesson/no-rate-limiting/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4pbdHbsXrXBcyfKXjTQCyW/a942e7cd24ff7a27c5a8c5291201e44e/No_rate_limit.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"81d9c886-52aa-48c8-3a73-6fecb7df8a1a","datePublished":"2024-04-04","title":"Double free","subtitle":"Free your memory but be careful","seoTitle":"What is double free? | Tutorial and examples","cves":[],"cwes":["CWE-415"],"description":"Learn about the memory management flaw, double free, that occurs when a program releases the same memory block twice. Learn to mitigate and remediate the vulnerability.","ecosystem":"cpp","ecosystems":["cpp"],"rules":[],"slug":"double-free","published":true,"url":"https://learn.snyk.io/lesson/double-free/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5yLGB7jPXGU75N3kt4vsZ2/2eb7265251f4a6b5e8d8932ac5d2d119/double_free.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5e271a5b-a14a-4683-3a1b-68ae96b23dae","datePublished":"2022-11-18","title":"NoSQL injection attack","subtitle":"Attacking non-relational databases","seoKeywords":["Nosql injection","Mongodb injection","Nosql security","Sql injection mongoDB","Nosql attack","Nosql attack example","Mongodb injection attack","Nosql injection payload"],"seoTitle":"NoSQL Injection attack | Tutorials & Examples","cves":[],"cwes":["CWE-943"],"description":"Learn how NoSQL Injection attacks work, and compare them to the similar SQL injection attacks with examples and remediation information","ecosystem":"javascript","ecosystems":["javascript","cpp","csharp"],"rules":[],"slug":"nosql-injection-attack","published":true,"url":"https://learn.snyk.io/lesson/nosql-injection-attack/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/27nfnbvp15tBZLiZHXeASQ/ef09aaf6e9ebba1db07a2e73b8d39a8f/NoSQL_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f1ea0321-3209-4ab6-c561-6183a16bf12c","datePublished":"2023-04-04","author":"Michael Biocchi","title":"Mass assignment","subtitle":"Be careful with parameters that are automatically bound from requests to objects","seoKeywords":["mass assignment","mass assignment vulnerability example"],"seoTitle":"What is mass assignment? | Tutorial & examples","cves":[],"cwes":["CWE-915"],"description":"Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","php"],"rules":[],"slug":"mass-assignment","published":true,"url":"https://learn.snyk.io/lesson/mass-assignment/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2tslH7kFz8ynLUN05Y6I9Z/d09cfe2deba605b5b062737b0d6038cb/Mass_assignment.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"552843d9-4ac7-438e-e7a4-f94c0bcdd5cc","datePublished":"2024-02-06","title":"runc process.cwd Container breakout vulnerability","subtitle":"Looking at Leaky Vessels CVE-2024-21626","seoTitle":"CVE-2024-21626 Container breakout | Tutorial & examples","cves":["CVE-2024-21626"],"cwes":[],"description":"In this lesson, we will look at a very specific container breakout vulnerability, CVE-2024-21626. We'll look at the vulnerability in action and the mitigation.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"cve-2024-21626-runc-process-cwd-container-breakout","published":true,"url":"https://learn.snyk.io/lesson/cve-2024-21626-runc-process-cwd-container-breakout/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4YPEH5mApntedSVXZDcqk1/7d06677b2085cbf97fcb55ae10869638/leaky_vessels.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0bc16151-c6c6-4064-7e03-105407efbd60","datePublished":"2024-01-18","title":"Insecure default variable initialization","subtitle":"Default values can lead to unsafe outcomes","seoTitle":"What are insecure defaults? | Tutorial & examples","cves":[],"cwes":["CWE-453"],"description":"Learn what insecure default variable initialization is, how to mitigate it, and how to remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insecure-defaults","published":true,"url":"https://learn.snyk.io/lesson/insecure-defaults/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5Wdo4KqNlg757HRSNwFXX4/e531b3b36ed18f3935a9d7d407170461/Insecure_defaults.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5f84f5a2-5714-518d-064b-56741dd83fe6","datePublished":"2023-12-15","title":"Expression Language injection (ELI)","subtitle":"Protect your applications against Expression Language injection","seoTitle":"What is Express Language injection? | Tutorial & examples","cves":[],"cwes":["CWE-917"],"description":"Learn how Expression Language injection (ELI) works and how to protect your applications against it with real-world examples from security experts.","ecosystem":"java","ecosystems":["java"],"rules":[],"slug":"express-language-injection","published":true,"url":"https://learn.snyk.io/lesson/express-language-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1TkxLVsTGkaJHXZ5A5C7Uq/98390e495f83fbacf32fde380985b32a/Express_Language_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5029bacf-9ab9-4786-f7a5-7ea055a66104","datePublished":"2022-03-25","title":"Insecure deserialization","subtitle":"Improper handling of serialized data containing user input","seoTitle":"Insecure Deserialization | Tutorials & Examples","cves":["CVE-2022-23302","CVE-2022-23307"],"cwes":["CWE-502"],"description":"Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"java","ecosystems":["java","python","javascript"],"rules":[],"slug":"insecure-deserialization","published":true,"url":"https://learn.snyk.io/lesson/insecure-deserialization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/19r8TvFIedijMhexf5BNBZ/5bfc99a1cfa63abb4cbcfe858e7d71a6/Insecure_Deserialisation.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"773d6446-6ed0-5252-41d2-6fd839823109","datePublished":"2023-11-24","title":"Man-in-the-middle (MITM) attack","subtitle":"The dangers of intercepted connections","seoTitle":"What is a man in the middle attack? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn about man-in-the-middle attacks and the different forms they come in. We'll look at different examples and how to prevent them.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"man-in-the-middle-attack","published":true,"url":"https://learn.snyk.io/lesson/man-in-the-middle-attack/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4jfoG8kEyRfcF8a2dMzDZJ/a8dc3889f4d5d939c40befc284614c95/man-in-the-middle.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e1067383-80d5-5858-0ab0-93d7e9a8c62b","datePublished":"2023-11-21","title":"Common Vulnerabilities and Exposures (CVE)","subtitle":"Keeping track of vulnerabilities with CVE vulnerability database","seoTitle":"Common Vulnerabilities and Exposures (CVE) | Tutorial & examples","cves":[],"cwes":[],"description":"In this lesson, we describe how the CVE program brings standardization and information sharing to the vulnerability management activities of cybersecurity teams.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"cve","published":true,"url":"https://learn.snyk.io/lesson/cve/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3WFwOJC56FwkDGiCQWUm15/7c00fe2dbe3610e41be2facb95dcbac9/CVE.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7abf05eb-210d-502e-a1ad-062084a0d205","datePublished":"2022-08-05","author":"Luke Stephens","title":"Cross site request forgery (CSRF)","subtitle":"Combining malicious code and social engineering","seoKeywords":["csrf","Cross site request forgery","Csrf token","Csrf attack","Cross site request forgery token","What is csrf","Csrf example","Csrf detected"],"seoTitle":"CSRF Attack | Tutorial & Examples","cves":["CVE-2022-35229","CVE-2022-34792"],"cwes":["CWE-352"],"description":"Learn how a cross site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts. ","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"csrf-attack","published":true,"url":"https://learn.snyk.io/lesson/csrf-attack/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3u8ecU0HGLMLMS7bWnpPaT/f67be1d9109be7a21181808147888825/CSRF.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5c4b9dcd-d92b-50cf-e47f-e342a85689d3","datePublished":"2023-11-03","title":"PHP object injection","subtitle":"Learn about a common, critical vulnerability in PHP applications","seoTitle":"What is PHP object injection? | Tutorial & example","cves":[],"cwes":["CWE-502","CWE-915"],"description":"Learn how a PHP object injection attack works and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"php","ecosystems":["php"],"rules":[],"slug":"object-injection","published":true,"url":"https://learn.snyk.io/lesson/object-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/21J2vDwXfgLxIIB7bnlb75/0841fd0beaef124b042d21feec719e0c/Object_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"60d2f08b-76e2-5271-03b6-b87c1567ab74","datePublished":"2023-10-26","author":"Ruben Bos","title":"Uncaught exception","subtitle":"Catch 'em all: protect your app from uncaught exceptions","seoTitle":"What is an uncaught exception? | Tutorial & examples","cves":[],"cwes":["CWE-248"],"description":"Learn about uncaught exceptions and the vulnerabilities they can cause. What are they? How can you prevent them? Learn to mitigate and remediate this vulnerability.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"uncaught-exception","published":true,"url":"https://learn.snyk.io/lesson/uncaught-exception/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2dJcekNGSnfK9E31DYtlNf/2e1c261486b5c8c37249de4a3fd713b7/Uncaught_exceptions.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"879208fa-bf3a-4ae0-d419-a0091b3e940a","datePublished":"2023-01-11","author":"Luke Stephens","title":"Weak password recovery","subtitle":"Recovering forgotten passwords is not as straightforward as it sounds!","seoKeywords":["weak password recovery","weak password recovery validation attack","weak password recovery mechanism for forgotten password","weak password mitigation"],"seoTitle":"What is weak password recovery? | Tutorial & examples","cves":[],"cwes":["CWE-640"],"description":"A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.","ecosystem":"javascript","ecosystems":["javascript","golang","python"],"rules":[],"slug":"weak-password-recovery","published":true,"url":"https://learn.snyk.io/lesson/weak-password-recovery/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7A5tr0APQuDGXwXFDuoDoX/664f48468efd1652528b95eebf6c280f/weak_password.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"af39c54a-aac0-43c1-46f7-36cdd1d1e50e","datePublished":"2021-01-07","author":"Patrick Debois","title":"Container is running in privileged mode","subtitle":"A user that has root access in a container with Privileged mode on basically is root on the host system","seoKeywords":["Docker security","securing Docker containers","Kubernetes","Capabilities","Docker cap add","Docker privileged","Docker capabilities","Kubernetes drop all capabilities","Kubernetes securitycontext","securitycontext capabilities"],"seoTitle":"Container runs in privileged mode | Tutorial & examples","cves":[],"cwes":[],"description":"Learn why using privileged mode on a container is a bad idea in almost all cases.","ecosystem":"kubernetes","ecosystems":["kubernetes"],"rules":["SNYK-CC-K8S-1"],"slug":"container-runs-in-privileged-mode","published":true,"url":"https://learn.snyk.io/lesson/container-runs-in-privileged-mode/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"83fa511d-24be-4e77-f29e-8f3727f66076","datePublished":"2021-09-07","author":"Patrick Debois","title":"Container does not drop all default capabilities","subtitle":"Default capabilities are not as strict as you think","seoKeywords":["Docker security","securitycontext capabilities","Kubernetes securitycontext","Kubernetes drop all capabilities","Docker capabilities","Docker privileged","Docker cap add","Kubernetes","Capabilities","securing Docker containers"],"seoTitle":"Container does not drop all default capabilities | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how to improve Kubernetes security by dropping default capabilities for a container.","ecosystem":"kubernetes","ecosystems":["kubernetes"],"rules":["SNYK-CC-K8S-6"],"slug":"container-does-not-drop-all-default-capabilities","published":true,"url":"https://learn.snyk.io/lesson/container-does-not-drop-all-default-capabilities/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/51sbWrHWiUR7zHNfD1dV6Y/b1a3f163a2cc461df26e06e77cbefff1/Container_default_capabilities_Kubernetes.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7dcf790f-e327-491c-cc2d-a719b55d76c6","datePublished":"2023-10-03","author":"Luke Stephens","title":"Insufficient encapsulation","subtitle":"Follow the principle of least privilege","seoKeywords":["Insufficient encapsulation"],"seoTitle":"What is an insufficient encapsulation? | Tutorial & examples","cves":[],"cwes":["CWE-1061"],"description":"Learn about insufficient encapsulation. What is it? How can you prevent it?","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insufficient-encapsulation","published":true,"url":"https://learn.snyk.io/lesson/insufficient-encapsulation/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5MEjv8rDLk2Yko6y7e4imG/265521d4c53a0ca8f44a0683ac0d8804/Insufficient_encapsulation.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"adcd9a1c-7f3b-454e-cede-433b33cd1ee7","datePublished":"2023-05-08","author":"Ruben Bos","title":"Use after free","subtitle":"The programmers definition of “gone but not forgotten”","seoTitle":"Use after free vulnerability | Tutorial & Examples","cves":[],"cwes":["CWE-416"],"description":"Learn about use after free vulnerability. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"cpp","ecosystems":["cpp"],"rules":[],"slug":"use-after-free","published":true,"url":"https://learn.snyk.io/lesson/use-after-free/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4dh9V9hsXSzIzXgX0cdcp8/27b5d844f3d1aa2a2d230212b521cf60/Use_after_free.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"be4a2ece-6507-4ed1-f3f1-d5d8d949c899","datePublished":"2021-09-15","author":"Simon Maple","title":"Directory traversal","subtitle":"Unintended disclosure of sensitive files","seoKeywords":["what is directory traversal","directory traversal","Path Traversal","directory traversal attack","directory traversal owasp","directory traversal vulnerability"],"seoTitle":"What is directory traversal? | Tutorial & examples","cves":["CVE-2022-31159","CVE-2022-24785"],"cwes":["CWE-26","CWE-24","CWE-25","CWE-23","CWE-22"],"description":"Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.","ecosystem":"javascript","ecosystems":["javascript","java","python","golang","csharp","php"],"rules":[],"slug":"directory-traversal","published":true,"url":"https://learn.snyk.io/lesson/directory-traversal/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2YuxATp9CjRMfYuOUlo3UA/14a0115da4aa90be1713c51ee8599cca/Directory_Traversal.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"dd39e4a2-b267-4b50-494e-49bca77ad865","datePublished":"2021-12-21","author":"Jessica Williams","title":"Log4Shell vulnerability","subtitle":"Protect your Log4j instances against malicious remote code execution (RCE)","seoKeywords":["log4j vulnerability explained","log4j vulnerability","log4shell","log4j exploit","log4j vulnerability fix","log4j rce","cve-2021-4428","how to fix log4j vulnerability","log4j vulnerability remediation","log4j vulnerability check","log4j impact"],"seoTitle":"What is Log4j vuln aka Log4Shell? | Tutorial & examples","cves":["CVE-2021-44228"],"cwes":[],"description":"Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.","ecosystem":"java","ecosystems":["java"],"rules":["SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720"],"slug":"log4shell","published":true,"url":"https://learn.snyk.io/lesson/log4shell/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5rAesOPCyEIjYaIYctyf8b/a872036e4d6b231ea0067c620c70916e/Log4Shell.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"42684a63-5e5d-51a2-3ac5-36c5e74bb201","datePublished":"2022-07-18","author":"Luke Stephens","title":"DOM XSS","subtitle":"Cross-site scripting attacks in the document object model","seoKeywords":["Dom based xss","Dom xss","Dom cross site scripting","Cross site scripting dom","Dom based xss examples","Dom xss payloads","Window location xss"],"seoTitle":"DOM Based XSS | Tutorial & Examples | Snyk Learn","cves":["CVE-2022-31103","CVE-2022-25069","CVE-2022-1555"],"cwes":["CWE-79"],"description":"Learn how DOM based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"dom-based-xss","published":true,"url":"https://learn.snyk.io/lesson/dom-based-xss/","source":"cms","canonicalUrl":"https://learn.snyk.io/lessons/dom-based-xss/javascript/","img":"https://images.ctfassets.net/4un77bcsnjzw/7dRA4i9r7sBgH4xxpIC44t/2aa237d02dd165b2278fc211cac27f8a/DOM_XSS.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1ea797ad-59ff-4f18-f554-fcc19f42af62","datePublished":"2023-03-06","author":"Luke Stephens","title":"Insecure temporary file","subtitle":"Protect your applications against the dangers of insecure temporary files","seoKeywords":["insecure temporary file"],"seoTitle":"What is an insecure temporary file? | Tutorial & examples","cves":[],"cwes":["CWE-377","CWE-378","CWE-379"],"description":"Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insecure-temporary-file","published":true,"url":"https://learn.snyk.io/lesson/insecure-temporary-file/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4m4C7Kq4NZ3hoKrjNYZORO/e67c36041721e63531de3866a883e5ad/insecure_temporary_file.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"d6b2c7ba-6f1f-57cc-a1e9-15d10256ed91","datePublished":"2022-11-14","author":"Luke Stephens","title":"LDAP injection","subtitle":"Improper sanitization of LDAP queries","seoKeywords":["ldap injection","ldap injection attacks","ldap injection example"],"seoTitle":"What is LDAP injection? | Tutorial & examples","cves":[],"cwes":["CWE-90"],"description":"Learn about LDAP injection, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"python","ecosystems":["python"],"rules":[],"slug":"ldap-injection","published":true,"url":"https://learn.snyk.io/lesson/ldap-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2EuOPRBNZFkjtKvtK5fhk6/1c9019dde075bc02adfbff2ba8616f83/LDAP_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"97f9d95e-71ca-4eda-0d78-441302e117ed","datePublished":"2023-02-24","author":"Luke Stephens","title":"Cleartext storage of sensitive information in a cookie","subtitle":"Learn about the dangers of storing sensitive, unencrypted information in cookies","seoKeywords":["cleartext cookie","cleartext storage"],"seoTitle":"The dangers of storing cleartext sensitive information in a cookie? | Tutorial & examples","cves":[],"cwes":["CWE-315","CWE-312"],"description":"Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"cleartext-sensitive-information-in-cookie","published":true,"url":"https://learn.snyk.io/lesson/cleartext-sensitive-information-in-cookie/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2YPx78V8pPLktJSfSUtfjS/4bed918fd9a9e5a0e5dba38716bdfa74/cleartext_cookie.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"96371673-505f-4991-6fb0-d2dd95967ee4","datePublished":"2023-06-20","author":"Duncan Jepson","title":"Improper input validation","subtitle":"What's the first rule of input validation? Don't trust user input.","seoKeywords":["improper input validation"],"seoTitle":"What is improper input validation? | Tutorial & examples","cves":[],"cwes":["CWE-20"],"description":"Learn about the dangers of improper input validation and why you should never trust user input. Learn to mitigate and fix the vulnerability from experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"improper-input-validation","published":true,"url":"https://learn.snyk.io/lesson/improper-input-validation/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2JmE991hlZnG7zKVHjfV8F/1489d17365463bd494a798061ca29735/Improper_input.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"8d3bd38e-8404-45ba-e21a-77c82bce9390","datePublished":"2022-05-23","author":"Duncan Jepson","title":"Spring4Shell","subtitle":"Exploiting a remote code execution vulnerability","seoKeywords":["Spring4shell poc","Spring4shell exploit","CVE-2022-22965","Spring4shell vulnerability explained","spring4shell vulnerability","spring4shell CVE"],"seoTitle":"Spring4Shell RCE | Tutorials & examples","cves":["CVE-2022-22965"],"cwes":[],"description":"Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.","ecosystem":"java","ecosystems":["java"],"rules":["SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751"],"slug":"spring4shell","published":true,"url":"https://learn.snyk.io/lesson/spring4shell/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2BJOdmLIvBEcX3IvHZBihG/856cac01b86e2c39fbc940c7606636a8/Spring4Shell_Java.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"686b3b4e-3f78-541d-dcf7-14817f372383","datePublished":"2023-08-16","author":"Ruben Bos","title":"Type confusion","subtitle":"The dangers of assuming a type","seoKeywords":["type confusion","finding type confusion bugs","CWE-843"],"seoTitle":"What is type confusion? | Tutorial & examples","cves":[],"cwes":["CWE-843"],"description":"Learn about the dangers of type confusion and the dangers of assuming a type. Learn to mitigate and fix the vulnerability from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"type-confusion","published":true,"url":"https://learn.snyk.io/lesson/type-confusion/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4mxPecLE5qDDuYinVS4qV0/ae7eaafa51d99cfb24ea448d2b9e2bc0/Type_confusion.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"6ded5404-b531-4b2e-78b9-42a14d81b3fa","datePublished":"2023-09-08","author":"Luke Stephens","title":"Error messages containing sensitive information","subtitle":"Protect your applications against risky error messages","seoKeywords":["error messages containing sensitive information","CWE-209"],"seoTitle":"What is the risk of error messages with sensitive information? | Tutorial & examples","cves":[],"cwes":["CWE-209"],"description":"Learn about the dangers of generating error messages that contain sensitive information. Learn to mitigate and fix this vulnerability from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"error-message-with-sensitive-information","published":true,"url":"https://learn.snyk.io/lesson/error-message-with-sensitive-information/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1nPcqxtGvqymvT6pGy9iKX/bbbdf40a03cbd942d49d58d41d32f0c6/Generating_error_message_sensitive_info.svg","topics":[],"educationContentCategory":"security education"}]},"assignments":{"assignmentsListPageSize":10},"selectedEcosystem":{"selectedEcosystem":null},"reports":{"reportsListPageSize":10}},"VUE_QUERY_STATE":{"mutations":[],"queries":[{"state":{"data":[{"lessonId":"66ced330-7bec-49d9-5157-e0c61814b1ac","datePublished":"2025-03-28","title":"Immature software","subtitle":"OSS-RISK-8 Immature Software","seoTitle":"Immature software | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about immature software in open-source projects, its associated risks, and how to mitigate issues with best practices and thorough evaluation.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"immature-software","published":true,"url":"https://learn.snyk.io/lesson/immature-software/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5UdnfVbcgSMXHdqPcWm02i/4dc6c7b87d21b2619bfb28c4a2227462/OSS-8.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"91f466e8-fb3e-504c-06df-e00864c5b7d4","datePublished":"2025-03-17","title":"Snyk PR Checks in your Pull Request/Merge Request","subtitle":"Validating your code for application security vulnerabilities, in addition to open source security issues and license violations.","seoKeywords":["Snyk","Pull-request","Git","Sast","Application security testing","AI"],"seoTitle":"Snyk PR Checks in your Pull Request/Merge Request | Product Training","cves":[],"cwes":[],"description":"This lesson speaks to developers on how to navigate the pull request check, understand the issue, and then resolve it as part of a workflow.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"checking-your-code-with-pr-checks","published":true,"url":"https://learn.snyk.io/lesson/checking-your-code-with-pr-checks/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ctdrDWqZf6DZeMsiOdGTX/79260999a71e9758a19d04a056f50351/Training.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"70bf3b62-4a92-479c-0b27-7e866cedfbe2","datePublished":"2021-08-04","author":"Patrick Debois","title":"SQL injection (SQLi)","subtitle":"Improper handling of input during SQL query generation","seoKeywords":["SQL injection"],"seoTitle":"What is SQL injection (SQLi)? | Tutorial & examples","cves":[],"cwes":["CWE-89"],"description":"Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.","ecosystem":"java","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"sql-injection","published":true,"url":"https://learn.snyk.io/lesson/sql-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2autwO6C7mlB5d000pPJHn/8f2094ec1d72253e71c3a3c6fb7f6c1d/sql_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e948a26b-c79e-49ad-d5fa-60175c432ea8","datePublished":"2025-03-26","title":"License and Regulatory Risk","subtitle":"The fine print of copy/paste","seoTitle":"License and Regulatory Risk | Tutorial and examples","cves":[],"cwes":[],"description":"Learn the importance of managing license and regulatory risk effectively. This includes understanding licensing terms, ensuring compliance, and more.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"license-and-regulatory-risk","published":true,"url":"https://learn.snyk.io/lesson/license-and-regulatory-risk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/29Jxsj2gbiSiUD3e0QGNox/64094a20365785711a81a64f420d8756/OSS-7.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"36baa0ce-77a2-4b96-cfce-a2c201efc8e2","datePublished":"2022-08-18","author":"Jessica Williams","title":"XML external entity injection (XXE)","subtitle":"Injected untrusted data into an XML parser","seoKeywords":["Xml external entity","Xml entity","Xxe payload","Xml injection attack","Xxe","Xxe vulnerability","Xxe attack"],"seoTitle":"XXE attack | Tutorials & Examples","cves":["CVE-2022-32285","CVE-2022-31447","CVE-2022-34793"],"cwes":["CWE-611","CWE-91"],"description":"Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","java","python","csharp","cpp","golang","php"],"rules":[],"slug":"xxe","published":true,"url":"https://learn.snyk.io/lesson/xxe/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3Qb1jxl7eh5N9VrFke5BNo/4ca355209de3385e08fe147f0ec54e49/XXE.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e8b66657-64e2-577e-c758-81b5a30e42aa","datePublished":"2022-11-16","author":"Edgar Kussberg","title":"Code injection","subtitle":"Protect your applications against malicious code injection","seoKeywords":["javascript injection testing","sensitive information leakage","unvalidated input","source code management","web applications","parameters modification","java injection attacks"],"seoTitle":"What is code injection? | Tutorial & examples","cves":[],"cwes":["CWE-95","CWE-94","CWE-93","CWE-90","CWE-92","CWE-77","CWE-78"],"description":"Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.","ecosystem":"javascript","ecosystems":["javascript","java","python","php"],"rules":[],"slug":"malicious-code-injection","published":true,"url":"https://learn.snyk.io/lesson/malicious-code-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6uBL1O8QKLaKKu4m1C4WHE/6fd17009316b98be803793d1b7d7e1a5/Code_Injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"da080c48-e2a6-5668-2856-1715730b9a47","datePublished":"2025-03-20","title":"Untracked dependencies","subtitle":"Did we know that was there?","seoTitle":"Untracked dependencies | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how untracked dependencies arise, why they pose risks to application security, and how to protect your projects against these risks.","ecosystem":"python","ecosystems":["java","javascript","python","csharp","golang","php","cpp"],"rules":[],"slug":"untracked-dependencies","published":true,"url":"https://learn.snyk.io/lesson/untracked-dependencies/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1byrDMtp9Pgs6gxbLh7ZHx/42cf3f489b32a89671a061bfc55fd2e8/OSS-5.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"519fba64-07ef-47e9-1ba0-89bf6d8d6404","datePublished":"2025-03-17","title":"Outdated software in open source projects","subtitle":"Update at a later time","seoTitle":"Outdated software | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about outdated software risks in open source projects, how they impact your application, and how to mitigate these vulnerabilities.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"outdated-software","published":true,"url":"https://learn.snyk.io/lesson/outdated-software/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5c0S3F3kDeEw3SaqLl61BJ/06e9fbed83542050fb9e48b3f8382f6a/OSS-5.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"93783544-1ed0-4f33-2803-ad11ed266baa","datePublished":"2023-09-29","title":"Using Snyk in an IDE","subtitle":"Enabling developers to build secure software","seoKeywords":["IDE","VSCode","IntelliJ","Eclipse","Visual Studio","DeepCode AI","AI Fix"],"seoTitle":"Using Snyk in an IDE | Snyk Training","cves":[],"cwes":[],"description":"Learn to install, authenticate, and configure the Snyk IDE plugin, followed by validating and fixing issues with your open-source dependencies, code, IaC, and containers.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-in-an-ide","published":true,"url":"https://learn.snyk.io/lesson/snyk-in-an-ide/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/Cux0MK7z7iaL3ucljEZVU/f08b67d8029910e1b639573c058f318b/Introduction_to_using_Snyk_in_an_IDE.svg","topics":["IDE"],"educationContentCategory":"product training"},{"lessonId":"c17aea7e-60e4-4b5d-aa09-e468e39f6353","datePublished":"2025-03-05","title":"Unmaintained software","subtitle":"The risks of unsupported libraries","seoTitle":"Unmaintained software | Tutorial and examples","cves":[],"cwes":[],"description":"Understand how unmaintained software can lead to potential security risks with your application and learn strategies around dependency management and fallback planning.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"unmaintained-software","published":true,"url":"https://learn.snyk.io/lesson/unmaintained-software/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2WwRFuLHHJYHDwsVnPvzW4/ef1db93ed4a59339f2ccd14e7df7a908/OSS-4.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f96ada59-ff91-5610-129f-4654060b837b","datePublished":"2025-03-05","title":"Name confusion attacks","subtitle":"Watch out for deceptive names","seoTitle":"Name confusion attacks | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about name confusion attacks, their implications, and how to mitigate and remediate them with insights and real-world examples from security experts.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"name-confusion-attacks","published":true,"url":"https://learn.snyk.io/lesson/name-confusion-attacks/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3Svrq2iMSov4TNajiPJuGq/af1e266ee162f3f8cc92df2165deb55d/OSS-3.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5c035270-4033-4926-da6f-c8b391db9b95","datePublished":"2025-03-05","title":"Compromise of legitimate package","subtitle":"Spotting and stopping compromised packages","seoTitle":"Compromise of legitimate package | Tutorial and examples","cves":[],"cwes":[],"description":"Understand how legitimate packages can be compromised and the safeguards that can protect your development and production environments.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"compromise-of-legitimate-package","published":true,"url":"https://learn.snyk.io/lesson/compromise-of-legitimate-package/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/284Ga3R9kTgAC84mvGb6wZ/02fea43ee7a65187ba68765b63fc9235/OSS-2.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"8dbf5cdb-7156-4bec-a941-4fc7d36046e3","datePublished":"2025-03-05","title":"Known vulnerabilities in dependencies","subtitle":"Making sure your dependencies are secure","seoTitle":"Known vulnerabilities in dependencies | Tutorial and examples","cves":[],"cwes":[],"description":"Understand how vulnerable dependencies can compromise your application security and learn strategies to prevent exploitation.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"known-vulnerabilities-in-dependencies-broken","published":true,"url":"https://learn.snyk.io/lesson/known-vulnerabilities-in-dependencies-broken/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7qan5AafAifozWWoC2x7M3/492f3faec5daa0c5ee7b0e4af0bf8b63/OSS-1.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"cd0b4c2b-b6c9-4c04-f3dd-4094a2819b36","datePublished":"2025-02-05","title":"Improper inventory management","subtitle":"Keeping track of API endpoints","seoTitle":"Improper inventory management | Tutorial and examples","cves":[],"cwes":["CWE-1059"],"description":"Discover how a lack of API asset management leads to security breaches and learn the best practices for API security.","ecosystem":"python","ecosystems":["java","python","javascript","csharp","golang","php"],"rules":[],"slug":"improper-inventory-management","published":true,"url":"https://learn.snyk.io/lesson/improper-inventory-management/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2chTjQq8Sir2OklQJWhCJc/45161b96794f7e3330739f42b4c0387b/inventory_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7ebd499c-973e-4ec0-4d93-07dbe68a9d9b","datePublished":"2025-02-03","title":"API security misconfiguration","subtitle":"Understand and secure your APIs by identifying and fixing misconfigurations at every level of the stack","seoTitle":"API security misconfigurations | Tutorial and examples","cves":[],"cwes":["CWE-2"],"description":"Learn how API security misconfiguration vulnerabilities manifest, how to protect your APIs, understand the risks, and see how to mitigate such threats.","ecosystem":"python","ecosystems":["java","javascript","python","csharp","php","golang"],"rules":[],"slug":"security-misconfiguration-api","published":true,"url":"https://learn.snyk.io/lesson/security-misconfiguration-api/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4xBq73JGgboE0qkcpRXtHn/29a09c34e57981528f60a49ea0fddbaa/security_misconfig_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"2bcea8ed-fb48-4563-9c1a-10e37bbf70c6","datePublished":"2025-01-21","title":"Broken function level authorization","subtitle":"Exploiting improperly secured API functions","seoTitle":"Broken function level authorization | Tutorial and examples","cves":[],"cwes":["CWE-285"],"description":"Learn how attackers exploit improperly secured API functions and how to protect your application from these vulnerabilities.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"broken-function-level-authorization","published":true,"url":"https://learn.snyk.io/lesson/broken-function-level-authorization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2NdIxOQoDCrbafivNcUtme/3b14bae1f573179efc8ab2368ccb69b5/broken_function_level_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"eb44604a-48e2-49af-d86b-8ddc2ead52b0","datePublished":"2025-01-20","title":"Unrestricted resource consumption","subtitle":"WARNING: High frequency of upload requests detected","seoTitle":"Unrestricted resource consumption | Tutorial and examples","cves":[],"cwes":["CWE-400"],"description":"Learn about unrestricted resource consumption, how it works, and how to protect your APIs against it with code examples and mitigation techniques.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"unrestricted-resource-consumption","published":true,"url":"https://learn.snyk.io/lesson/unrestricted-resource-consumption/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/9SWVHCwI8NEqWiXQfoNht/2f6833c20a80689a54aa94e751a28799/broken_object_level_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"12cde434-5fcb-4c9c-92d0-c4040b735a77","datePublished":"2025-02-04","title":"Broken authentication","subtitle":"Preventing brute force (and more)","seoTitle":"Broken authentication | Tutorial & examples","cves":[],"cwes":["CWE-307"],"description":"Learn about broken authentication and how it can compromise an API's security. We'll explore how attackers exploit these vulnerabilities and mitigation strategies.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","php","golang"],"rules":[],"slug":"broken-authentication","published":true,"url":"https://learn.snyk.io/lesson/broken-authentication/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4M2rVIUCh64KV7AffyBAz9/0ce86e53f2e227da2ce09f8617e32f25/broken_auth_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"215947a8-d678-50aa-56e0-270c983b4c48","datePublished":"2025-01-07","title":"Broken object level authorization","subtitle":"Failing to enforce proper permissions","seoTitle":"What is broken object level authorization? | Tutorial & examples","cves":[],"cwes":["CWE-639"],"description":"Learn about broken object level authorization and how APIs tend to expose endpoints. We'll look at examples and mitigations of this vulnerability.","ecosystem":"javascript","ecosystems":["javascript","python","java","csharp","golang","php"],"rules":[],"slug":"broken-object-level-authorization","published":true,"url":"https://learn.snyk.io/lesson/broken-object-level-authorization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5cZg4eHNM7asSjZXtqUNqK/77d65e13513f51706ad5e0236d193aab/bola_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1f599cc7-cd1f-4d3a-5e70-a5e6e4641998","datePublished":"2024-04-29","title":"Snyk AppRisk - Secrets detection coverage with Nightfall AI","subtitle":"Product training","seoKeywords":["Nightfall","Secrets Detection","Secrets","Snyk AppRisk"],"seoTitle":"Snyk AppRisk - Secrets detection coverage with Nightfall AI | Snyk Training","cves":[],"cwes":[],"description":"Learn how to configure Snyk AppRisk with Nightfall AI and utilize the data for powerful policies, coverage validation, and reporting.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-nightfall-ai","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-nightfall-ai/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1VKrUiVwVIiPNgUokSuX8a/6d1186da7a42acc5af49397b2fa9b648/AppRisk_-_Nightfall.svg","topics":["Snyk AppRisk","Asset Management","Integrations"],"educationContentCategory":"product training"},{"lessonId":"6449297c-8f1e-49e6-eedb-aad07d111dcd","datePublished":"2024-04-29","title":"Snyk AppRisk - Secrets detection coverage with GitGuardian","subtitle":"Product training","seoKeywords":["GitGuardian","Secrets Detection","Secrets","Snyk AppRisk"],"seoTitle":"Snyk AppRisk - Secrets detection coverage with GitGuardian | Snyk Training","cves":[],"cwes":[],"description":"Learn how to configure Snyk AppRisk with GitGuardian and utilize the data for powerful policies, coverage validation, and reporting.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-gitguardian","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-gitguardian/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7GZwP369rcJ7i90JUzVmhi/82f3b933f1f100057c3bc09bb6711e80/AppRisk_-_Gitguardian.svg","topics":["Snyk AppRisk","Asset Management","Integrations"],"educationContentCategory":"product training"},{"lessonId":"ab3f6f4c-3a45-4388-32b0-5f97e24d46b6","datePublished":"2025-02-10","title":"Unsafe consumption of APIs","subtitle":"Don't always trust external data sources","seoTitle":"Unsafe consumption of APIs | Tutorial and examples","cves":[],"cwes":[],"description":"Discover how the unsafe consumption of APIs can lead to security breaches and learn the best practices for API security.","ecosystem":"python","ecosystems":["javascript","java","python","csharp","golang","php"],"rules":[],"slug":"unsafe-consumption-api","published":true,"url":"https://learn.snyk.io/lesson/unsafe-consumption-api/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3qiu0PZaTLjZrE4Oajlhc7/f747297996d36c8e25e0b7485ec7f71f/Unsafe_consumption_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0919a399-328e-4e56-1e9a-e483dea63206","datePublished":"2025-02-12","title":"ServiceNow - Vulnerability assignment rules","subtitle":"ServiceNow Workflows","seoKeywords":["ServiceNow","Snyk","Vulnerability"],"seoTitle":"ServiceNow - Vulnerability assignment rules | Product Training","cves":[],"cwes":[],"description":"Learn how to create vulnerability assignment rules for ServiceNow","ecosystem":"general","ecosystems":[],"rules":[],"slug":"service-now-vulnerability-assignment-rules","published":true,"url":"https://learn.snyk.io/lesson/service-now-vulnerability-assignment-rules/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ZdWVHWp9uRj9b4S53wVvk/3ccf71b1b150523a22e2f1da7f97957d/AppRisk_-_Servicenow.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"82b2a607-46e7-5440-ec9f-0f9ce1a0e475","datePublished":"2023-10-16","title":"Using Issue Analytics (Tenant->Analytics->Issues)","subtitle":"An enterprise plan feature","seoKeywords":["analytics"],"seoTitle":"Using Issue Analytics | Snyk Training","cves":[],"cwes":[],"description":"This lesson will provide an overview of a feature for Issue Analytics available for enterprise customers.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"using-issue-analytics","published":true,"url":"https://learn.snyk.io/lesson/using-issue-analytics/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/eDBUjcIh7lSOxQfUpK62P/c2972f8fd1b908e039fd344af7880343/Enterprise_Analytics.svg","topics":["Reporting","Analytics","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"b0e71b34-889c-4b4a-8b1f-0daf3ea3c60d","datePublished":"2024-05-01","title":"Snyk AppRisk - Using Application Analytics (Tenant->Analytics->Applications)","subtitle":"Product training","seoKeywords":["Snyk AppRisk","Analytics"],"seoTitle":"Snyk AppRisk - Using Application Analytics (Tenant->Analytics->Applications) | Snyk Training","cves":[],"cwes":[],"description":"Snyk AppRisk Application Analytics helps organizations understand coverage, potential gaps and trends across the applications they own. This lesson provides an overview.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-application-analytics","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-application-analytics/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6XyrpS3XcRAzhiRFNPT6rL/1e5028247c20a90fa16eef1489eaa852/AppRisk_-_Analytics.svg","topics":["Reporting","Analytics","Snyk AppRisk"],"educationContentCategory":"product training"},{"lessonId":"a966fb0f-bb22-4b42-04f4-03025a30e4b8","datePublished":"2025-01-26","title":"Prioritizing issues with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Issues","Priorization","Insights","Snyk AppRisk","Snyk Essentials"],"seoTitle":"Prioritizing Issues (Issues and Issue Insights) | Snyk Training","cves":[],"cwes":[],"description":"Using Issues (Snyk Enterprise Plan) and Issue Insights (Snyk AppRisk) to review and prioritize issues.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"issue-prioritization","published":true,"url":"https://learn.snyk.io/lesson/issue-prioritization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk Essentials","Enterprise","Snyk AppRisk","Issues","Asset Management"],"educationContentCategory":"product training"},{"lessonId":"5fedf3f1-b059-449e-9950-3e2c7bccce80","datePublished":"2021-09-15","author":"Krzysztof Huszcza","title":"Cross-site scripting (XSS)","subtitle":"Executing untrusted code in a trusted context.","seoKeywords":["cross-site scripting"],"seoTitle":"What is cross-site scripting (XSS)? | Tutorial & examples","cves":[],"cwes":["CWE-83","CWE-82","CWE-81","CWE-79","CWE-80"],"description":"Learn about XSS and how to protect your code from various cross-site scripting (XSS) attacks.","ecosystem":"javascript","ecosystems":["javascript","java","python","csharp","golang","php","cpp"],"rules":[],"slug":"xss","published":true,"url":"https://learn.snyk.io/lesson/xss/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5YDiQbdoZg2kM4Fw575uj1/373d73f2bfa32c9c45d437ea8b8d0b68/XSS.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"74770172-4051-52ac-3ea3-6c8a340acd97","datePublished":"2024-04-29","title":"Snyk Essentials - Application context with Backstage software catalog","subtitle":"Product training","seoKeywords":["Snyk AppRisk","Backstage","Snyk Essentials"],"seoTitle":"Snyk Essentials - Application context with Backstage software catalog | Snyk Training","cves":[],"cwes":[],"description":"This lesson provides a quick overview of the configuration and where application context can be leveraged across Snyk.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-essentials-backstage-software-catalog-application-context","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-backstage-software-catalog-application-context/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk Essentials","Snyk AppRisk","Enterprise","Asset Management"],"educationContentCategory":"product training"},{"lessonId":"e0d65c9d-2b6d-51c2-12ce-eb93060d9e54","datePublished":"2024-09-09","title":"Snyk Essentials - Application context with ServiceNow® CMDB","subtitle":"Product Training","seoKeywords":["ServiceNow CMDB","Snyk Essentials","Snyk AppRisk"],"seoTitle":"Snyk Essentials - Application context with ServiceNow® CMDB | Snyk Training","cves":[],"cwes":[],"description":"This lesson provides a quick overview of the configuration and where application context can be leveraged across Snyk.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-essentials-servicenow-cmdb-application-context","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-servicenow-cmdb-application-context/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ZdWVHWp9uRj9b4S53wVvk/3ccf71b1b150523a22e2f1da7f97957d/AppRisk_-_Servicenow.svg","topics":["Snyk AppRisk","Integrations","Asset Management","Snyk Essentials"],"educationContentCategory":"product training"},{"lessonId":"824927c0-1bad-4c06-a6d3-ae6324e3afd7","datePublished":"2024-08-19","title":"Model theft","subtitle":"Protecting a valuable asset","seoTitle":"What is model theft? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn about model theft (LLM10) in the OWASP Top 10 for LLM applications. We'll look at what it is and how to mitigate it.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"model-theft-llm","published":true,"url":"https://learn.snyk.io/lesson/model-theft-llm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2eR570QfnjsqXJk39BeSSe/36a73fde509e02331b6c7fa95ccba090/supply-chain-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"af794526-aa3b-476b-9d20-6806ea87f0b6","datePublished":"2025-01-28","title":"Unrestricted access to sensitive business flows","subtitle":"Going, going, gone!","seoTitle":"Unrestricted access to sensitive business flows | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how to identify and secure sensitive business flows in your APIs. Walk through examples of code to see this vulnerability in action.","ecosystem":"python","ecosystems":["python","javascript","java","csharp","golang","php"],"rules":[],"slug":"unrestricted-access-to-sensitive-business-flows","published":true,"url":"https://learn.snyk.io/lesson/unrestricted-access-to-sensitive-business-flows/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/rrCN6QRynvvuB7pZNsZHE/3f5d34a23f9f89f14b4291efd0b4d2a8/Unrestricted_access_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"6a6dfe46-5d86-4acf-8430-50a35d5dd6e9","datePublished":"2021-09-10","author":"Krzysztof Huszcza","title":"Prototype pollution","subtitle":"Exposing the default prototype by calling unsafe recursive functions with untrusted data as input","seoKeywords":["prototype pollution"],"seoTitle":"What is prototype pollution? | Tutorial & examples","cves":[],"cwes":["CWE-1321"],"description":"Learn what JavaScript prototype pollution is and how to prevent it.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"prototype-pollution","published":true,"url":"https://learn.snyk.io/lesson/prototype-pollution/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5VUry3Yv8gRAXJzS1jZYlR/a3cf3e269c601baffa4668b0a456d775/Prototype_pollution.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"33372a3d-eedc-498a-c3b6-76185b47b0aa","datePublished":"2023-01-03","author":"Luke Stephens","title":"Insecure Randomness","subtitle":"Not all randomness is created equally","seoKeywords":["insecure randomness","randomness"],"seoTitle":"What is insecure randomness? | Tutorial & examples","cves":[],"cwes":["CWE-1344","CWE-330","CWE-331","CWE-335","CWE-338","CWE-1241"],"description":"Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insecure-randomness","published":true,"url":"https://learn.snyk.io/lesson/insecure-randomness/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7jJGsgWfggQ6qp8qTSdXKx/01a180f1bc1c4ebd154b04043e73224d/Randomness.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"9803d61b-51cf-4afe-4080-35a5b08b0eaf","datePublished":"2022-09-22","author":"Michael Biocchi","title":"Insecure hash","subtitle":"Using strong hashes to store passwords","seoTitle":"What is an insecure hash? | Tutorial & examples","cves":[],"cwes":["CWE-916","CWE-816","CWE-759","CWE-310","CWE-326","CWE-327","CWE-328"],"description":"Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization","ecosystem":"javascript","ecosystems":["javascript","python","csharp","golang","php","cpp","java"],"rules":[],"slug":"insecure-hash","published":true,"url":"https://learn.snyk.io/lesson/insecure-hash/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/BC2wtjpCyiKgSsTzg1aJ0/d7244a4e787f0d0d6802f4cb811e7587/Insecure_hash.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"a1bc4726-19b8-49ea-ec60-8aaa85ba492b","datePublished":"2022-02-18","author":"Edgar Kussberg","title":"Open redirect","subtitle":"Improper validation of front-end provided redirect links","seoKeywords":["Open redirect vulnerability fix","Malicious redirects","Open redirect vulnerability","Unvalidated redirects and forwards","Open redirection vulnerability","Redirect attack","Open redirect"],"seoTitle":"Open redirect vulnerability | Tutorials & examples","cves":["CVE-2022-27256","CVE-2022-29214","CVE-2022-2250","CVE-2022-33146"],"cwes":["CWE-601"],"description":"Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.","ecosystem":"javascript","ecosystems":["php","golang","csharp","java","javascript","python"],"rules":[],"slug":"open-redirect","published":true,"url":"https://learn.snyk.io/lesson/open-redirect/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/Rm6D12c4VPNUOStmxzwuf/d75d5ef7922539ed9dd0920395aef9c6/Open_redirect.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ca8347b3-370f-4ea6-06d9-57916e65ef9d","datePublished":"2024-04-23","title":"Snyk AppRisk Pro - Issue Insights Overview","subtitle":"Product training","seoTitle":"Snyk AppRisk Pro - Issue Insights Overview | Snyk Training","cves":[],"cwes":[],"description":"Overview on requirements for setup and usage of Snyk AppRisk Pro's Insights feature.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-insights-overview","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-insights-overview/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2NcsYuthi2tlU9pdWjAnMH/3b3a2cf1dee4c1cb9655de56a5761622/AppRisk_-_Insights.svg","topics":[],"educationContentCategory":"product training"},{"lessonId":"4ca2f164-e446-4b20-dd32-f80e3cb792e7","datePublished":"2023-12-12","title":"Snyk AppRisk Essentials","subtitle":"Product training","seoTitle":"Snyk AppRisk Essentials | Snyk Training","cves":[],"cwes":[],"description":"A brief overview of Application Security Posture Management (ASPM), followed by deep training on Snyk Apprisk Essentials setup and usage.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-apprisk-essentials","published":true,"url":"https://learn.snyk.io/lesson/snyk-apprisk-essentials/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":[],"educationContentCategory":"product training"},{"lessonId":"8e1a8dc1-2a05-4eb1-c870-57564e96717c","datePublished":"2025-01-26","title":"Integrations for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Snyk Essentials","Snyk AppRisk","Asset Management","Integrations"],"seoTitle":"Integrations for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"In this lesson you will learn the core capabilities and initial integrations with Snyk Essentials and additional capabilities introduced with the purchase of Snyk AppRisk","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-integrations","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-integrations/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk Essentials","Snyk AppRisk","Enterprise","Asset Management"],"educationContentCategory":"product training"},{"lessonId":"0932c3cf-0358-496f-b613-4ed8d8fe52a3","datePublished":"2025-01-26","title":"Reviewing Inventory for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Asset Management","Snyk Essentials","Snyk AppRisk","Inventory"],"seoTitle":"Reviewing Inventory for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"The Inventory provides a central, filterable view of all the detected assets, their control coverage, and essential metadata.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-inventory","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-inventory/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk AppRisk","Snyk Essentials","Asset Management","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"f5bd9135-472e-4b48-a066-befa664b2988","datePublished":"2025-01-26","title":"Asset Dashboard report for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Asset Management","Snyk Essentials","Snyk AppRisk","Asset Dashboard"],"seoTitle":"Asset Dashboard report for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"Snyk Enterprise and Snyk AppRisk customers have access to an asset report providing coverage details , asset information, and application context availability.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-asset-dashboard","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-asset-dashboard/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Asset Management","Snyk Essentials","Snyk AppRisk","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"bdd387c0-5653-4b7f-6cb6-98d89b0d4a11","datePublished":"2025-01-26","title":"Policies for asset management and discovery with Snyk Essentials and Snyk AppRisk","subtitle":"Product Training","seoKeywords":["Snyk Essentials","Snyk AppRisk","Asset Management","Policies"],"seoTitle":"Policies for asset management and discovery with Snyk Essentials and Snyk AppRisk | Snyk Training","cves":[],"cwes":[],"description":"In this lesson you will learn the core policy capabilities with Snyk Essentials and additional capabilities introduced with the purchase of Snyk AppRisk","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-policies","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-policies/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Asset Management","Snyk AppRisk","Snyk Essentials","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"2520a38d-83c2-46bd-dd77-eb7401391e95","datePublished":"2022-09-12","title":"Regular expression denial of service (ReDoS)","subtitle":"Protecting your application from malicious regular expressions","seoKeywords":["redos attack","evil regex","regular expression denial of service\t","regex denial of service\t","regex ddos\t","redos vulnerability\t","What is redos"],"seoTitle":"ReDoS | Tutorial & Examples","cves":["CVE-2021-3777","CVE-2022-36034","CVE-2022-31781","CVE-2022-31147","CVE-2022-29169","CVE-2022-25887"],"cwes":["CWE-1333","CWE-185","CWE-400"],"description":"Learn what ReDos is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"redos","published":true,"url":"https://learn.snyk.io/lesson/redos/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/G2yqZdq9epordbCaSKuGW/c12cc2ef5ce8cffe9151cc2c871d9166/reDOS.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"4eb86c8f-c28f-4a1b-6801-4e3041c26ed8","datePublished":"2025-01-26","title":"Overview of Snyk Essentials and Snyk AppRisk for asset management and discovery","subtitle":"Product Training","seoKeywords":["Snyk Essentials","AppRisk","Asset Management"],"seoTitle":"Overview of Snyk Essentials and Snyk AppRisk for asset management and discovery | Snyk Training","cves":[],"cwes":[],"description":"Snyk Essentials, an overview of asset management and discovery for Snyk Enterprise customers, and capabilities introduced with the additional purchase of Snyk AppRisk","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-overview","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-overview/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":["Asset Management","Snyk AppRisk","Snyk Essentials","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"e48bc362-74ea-58bb-a97d-7a5af2597bbc","datePublished":"2025-01-26","title":"Snyk Essentials and AppRisk terminology for asset management and discovery","subtitle":"Terminology related to asset management and discovery","seoKeywords":["Asset Management","Snyk Essentials","Snyk AppRisk","Terminology"],"seoTitle":"Snyk Essentials and Snyk AppRisk terminology for asset management and discovery | Snyk Training","cves":[],"cwes":[],"description":"The following terminology is used by Snyk Essentials and Snyk AppRisk for asset management and discovery related features.","ecosystem":"general","ecosystems":[],"rules":[],"slug":"snyk-essentials-and-snyk-apprisk-terminology","published":true,"url":"https://learn.snyk.io/lesson/snyk-essentials-and-snyk-apprisk-terminology/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1WHaj3tABmcPOBPOl4I5xO/0376d8c2f7bc6451520069617ec001e3/AppRisk.svg","topics":["Snyk AppRisk","Snyk Essentials","Asset Management","Enterprise"],"educationContentCategory":"product training"},{"lessonId":"83bc3aa6-df84-478c-8b46-f8499a60129f","datePublished":"2025-01-17","title":"Broken object property level authorization","subtitle":"Failing to enforce access control","seoTitle":"Broken object property level authorization | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how API misconfigurations can expose sensitive object properties, leading to unauthorized access or manipulation.","ecosystem":"python","ecosystems":["python","java","javascript","csharp","golang","php"],"rules":[],"slug":"broken-object-property-level-authorization","published":true,"url":"https://learn.snyk.io/lesson/broken-object-property-level-authorization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4hyMvzrMjtewMy9sdT4GJP/5b8563b77e17745e178d491411cb06ae/broken_object_level_-_API.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0f4eca75-f160-43f7-ade0-83ca2e1376e9","datePublished":"2023-04-14","author":"Ruben Bos","title":"Memory leaks","subtitle":"Your code might run now, but will it in the future?","seoKeywords":["Memory leaks","how to fix memory leaks"],"seoTitle":"What are memory leaks? | Tutorial & examples","cves":[],"cwes":["CWE-401"],"description":"Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","golang","python","php","java","csharp","cpp"],"rules":[],"slug":"memory-leaks","published":true,"url":"https://learn.snyk.io/lesson/memory-leaks/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7fK1Lch8WYrJTgAEybW0S2/0e2144fca02b433ba5db4f679700d1b9/Memory_leaks.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5b33ca5c-6cbf-4879-553b-ed9f98277d71","datePublished":"2024-12-19","title":"Race condition","subtitle":"Also known as: concurrent execution using shared resource with improper synchronization","seoTitle":"What is a race condition? | Tutorial & examples","cves":[],"cwes":["CWE-362"],"description":"Learn about race conditions and the dangers of concurrency! We'll look at how to mitigate and remediate this vulnerability with real-world examples. ","ecosystem":"python","ecosystems":["python","java"],"rules":[],"slug":"race-condition","published":true,"url":"https://learn.snyk.io/lesson/race-condition/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1ZHKbycUrMUnHqnpvUNJBi/c2def9127e55e4a94da525bcb6106681/Race_condition.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1cb11a43-cd36-4dcb-1310-17f1815eaf91","datePublished":"2023-02-01","author":"Luke Stephens","title":"XPath injection","subtitle":"Construct XPath queries to guard against malicious input","seoKeywords":["xpath injection","xpath injection payload","xpath injection attack","xpath examples"],"seoTitle":"What is an XPath injection? | Tutorial & examples","cves":[],"cwes":["CWE-643"],"description":"Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","python","golang","java","csharp"],"rules":[],"slug":"xpath-injection","published":true,"url":"https://learn.snyk.io/lesson/xpath-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/63ZImC7nZlyw2eK0CMzKl3/35a6cbc01b775a2effe2c064a6854647/XPath_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e9754de0-b3d7-4e89-bd07-53835c4dd7cf","datePublished":"2024-10-01","title":"Hidden functionality","subtitle":"One person's buried treasure is another's landmine","seoTitle":"What is hidden functionality? | Tutorial & examples","cves":[],"cwes":["CWE-912"],"description":"In this lesson, we'll examine hidden functionality and discuss how to mitigate and remediate this vulnerability with real-world examples. ","ecosystem":"python","ecosystems":["python","php","golang","javascript","java","cpp","csharp"],"rules":[],"slug":"hidden-functionality","published":true,"url":"https://learn.snyk.io/lesson/hidden-functionality/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2Q6Bh8kjcw8prEfkTAP7gC/5bcd19846918b5b8bf4d6097c410442b/Hidden_Functionality.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1524522f-b4a5-41e5-8c95-6c1d3e5c38dc","datePublished":"2023-09-12","title":"Intro to Snyk","subtitle":"Snyk interface and initial setup for first time user","seoTitle":"Intro to Snyk | Snyk Training","cves":[],"cwes":[],"description":"Learn some key concepts and tasks you'll need for integrating Snyk into your workflows including how to navigate the Snyk interface.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"intro-to-snyk","published":true,"url":"https://learn.snyk.io/lesson/intro-to-snyk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4YKN6bK1oMcpRiNOapYJwN/eaaa4bdfc01159c18159f82ae285a9b6/Introduction_to_the_Snyk_UI.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"f0ca0d2c-2fdf-52e1-a618-f2da8f6d526f","datePublished":"2023-09-15","title":"Tenants, Groups and Organizations | Snyk Training","subtitle":"Organizing your Projects and controlling access","seoKeywords":["Tenant","Snyk"],"seoTitle":"Tenants, groups and organizations | Snyk Training","cves":[],"cwes":[],"description":"Learn about the structure hierarchy within Snyk and discover considerations for planning your rganizational structure.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"groups-and-organizations","published":true,"url":"https://learn.snyk.io/lesson/groups-and-organizations/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5sH6YS0INqo4xkVP2ET8bs/f06836adc769b9962d3e9069db1871c3/Snyk_account_structure.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"ff20d776-4605-5230-5303-1bc0b85601bd","datePublished":"2024-07-10","title":"Missing encryption","subtitle":"Some things shouldn't be in plaintext","seoTitle":"What is missing encryption? | Tutorial & examples","cves":[],"cwes":["CWE-311"],"description":"Learn about encryption and the danger of not using it! We'll look at how to mitigate and remediate this vulnerability with real-world examples. ","ecosystem":"python","ecosystems":["python","php","javascript","java","golang","cpp","csharp"],"rules":[],"slug":"missing-encryption","published":true,"url":"https://learn.snyk.io/lesson/missing-encryption/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/19HVirkgQ5vLcrFncBDVfr/baa56ed7d2b7b01a4a57f5c017ea350e/Missing_encryption.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"436fc6ea-5b6a-48ac-ca94-8fd3b8b5ca43","datePublished":"2024-07-10","title":"Snyk Github Cloud App","subtitle":"A Snyk source code management integration into GitHub Cloud","seoKeywords":["GitHub","GitHub Cloud"],"seoTitle":"Snyk Github Cloud App | Snyk Training","cves":[],"cwes":[],"description":"Installation and migration instructions for Snyk Github Cloud App integration","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-github-cloud-app","published":true,"url":"https://learn.snyk.io/lesson/snyk-github-cloud-app/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/xr7nYm1YPR48nhc3sXDiv/c0613b3692e62e4805f4bbfe9ef5a455/Snyk_Github.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"600759fc-a3a4-4ce9-3cb2-3dbe41ddbf12","datePublished":"2024-12-06","title":"Session persistence after logout","subtitle":"Gone but not forgotten: a developer's guide to a secure logout","seoKeywords":["CWE-613","session persistence"],"seoTitle":"Session persistence after logout | Tutorial & Examples","cves":[],"cwes":["CWE-613"],"description":"Learn about what happens when logging out doesn't invalidate the session. We'll look at an example of this in action!","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"session-persistence","published":true,"url":"https://learn.snyk.io/lesson/session-persistence/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3j2VpLmTMTmA3LpL5gyuTx/0103594387c09a93342cce48203e235d/Session.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7a6df7c2-f8d2-54ac-f982-1207ca75d247","datePublished":"2023-01-04","author":"Luke Stephens","title":"Logging vulnerabilities","subtitle":"Logging... too much or too little?","seoKeywords":["secure logging","logging","javascript logging to file","javascript logging","javascript logging errors","logging vulnerabilities"],"seoTitle":"What are logging vulnerabilities? | Tutorial & examples","cves":[],"cwes":["CWE-117","CWE-223","CWE-532","CWE-778"],"description":"Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.","ecosystem":"javascript","ecosystems":["javascript","python","php","java","csharp","golang","cpp"],"rules":[],"slug":"logging-vulnerabilities","published":true,"url":"https://learn.snyk.io/lesson/logging-vulnerabilities/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5ys3pmaxbBwktmGZSHUhar/650192f9dcabcccb3abaf285d4a8d7ed/Security_logging_and_monitoring_failures.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f654aed0-4c94-4e83-791f-6d39630ce0ed","datePublished":"2023-03-30","author":"Luke Stephens","title":"Server-side request forgery (SSRF)","subtitle":"Unintended access to internal resources via exploited server","seoKeywords":["server-side request forgery","SSRF Vulnerabilities","SSRF Attack","http requests","web applications","XXE injection","arbitrary command execution","blind SSRF vulnerabilities","SSRF remediation"],"seoTitle":"What is SSRF (server-side request forgery)? | Tutorial & examples","cves":[],"cwes":["CWE-918"],"description":"Learn how to protect your code from server-side request forgery (SSRF) attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.","ecosystem":"javascript","ecosystems":["javascript","python","cpp"],"rules":[],"slug":"ssrf-server-side-request-forgery","published":true,"url":"https://learn.snyk.io/lesson/ssrf-server-side-request-forgery/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4eEDx2b5pq9Sg7FUBgqpNW/dc2614ef0fe3e7089bbf1518d62eaf35/SSRF.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"bb4f3cc1-fe50-4988-dee1-3e9ceb9599ec","datePublished":"2024-11-11","title":"What is PCI DSS?","subtitle":"The Payment Card Industry Data Security Standard","seoKeywords":["PCI DSS","The Payment Card Industry Data Security Standard"],"seoTitle":"What is PCI DSS? | Tutorial and examples","cves":[],"cwes":[],"description":"This lesson covers PCI DSS, what it is, why it's important for developers to know, and some examples of how this applies to developers and their code.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"pci-dss","published":true,"url":"https://learn.snyk.io/lesson/pci-dss/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4l8UA8QokCZ7KZxGQ9yO4H/3be7944f4f44a5283ca01357f54d70ab/Hidden_Functionality.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ca4b8174-8bf5-4c17-9d79-04f4acfa8b5f","datePublished":"2022-10-07","author":"Thomas Malcolm","title":"Insecure design","subtitle":"Protect your applications against insecure design","seoKeywords":["owasp insecure design","insecure design vulnerabilities","Secure Development Lifecycle","Improper Handling of Insufficient Permissions or Privileges","Improper Privilege Management","insecure design"],"seoTitle":"Insecure Design | Tutorials & Examples","cves":[],"cwes":["CWE-841","CWE-280","CWE-266","CWE-269"],"description":"Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","python","cpp","java","php","golang","csharp"],"rules":[],"slug":"insecure-design","published":true,"url":"https://learn.snyk.io/lesson/insecure-design/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/xwdRrfcbCSKEkzk8gl8NS/6a097220701af7c6c8bfda73b6c0ea29/Insecure_design.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"fbb86e1d-9d39-4eeb-e060-44980b8da076","datePublished":"2022-08-25","author":"Luke Stephens","title":"Broken access control","subtitle":"Making sure we authenticate and authorize correctly","seoKeywords":["access control","Authentication control","What is broken access control","Broken access control vulnerability","Broken access control attacks","Broken access control examples","Broken access control"],"seoTitle":"What is broken access control | Tutorial & Examples","cves":[],"cwes":["CWE-862","CWE-1344","CWE-284","CWE-287","CWE-306","CWE-276","CWE-863"],"description":"Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.","ecosystem":"javascript","ecosystems":["javascript","python","cpp","php","golang"],"rules":[],"slug":"broken-access-control","published":true,"url":"https://learn.snyk.io/lesson/broken-access-control/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6nBmhWxYrZBqClG6gUWXYd/37cbec1882e1654bd5135927a3cd36d4/Broken_access_control.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5a2a0a34-d2ec-4302-8b20-2b6210fc75d3","datePublished":"2024-10-21","title":"What is Personally Identifiable Information (PII)?","subtitle":"What is it and how do we protect it?","seoTitle":"What is Personally Identifiable Information (PII)? | Tutorials & Examples","cves":[],"cwes":[],"description":"This lesson covers PII, its importance for developers, where it's found in software, common pitfalls, and best practices for securely handling personal data.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"what-is-pii","published":true,"url":"https://learn.snyk.io/lesson/what-is-pii/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/38ygFjTIrXDguqHtMV7TAA/8f765fd6793cfff23ab09e16a9d7d949/PII.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"a64c12aa-19ad-4960-3025-d8d14f3101d3","datePublished":"2022-10-21","author":"Luke Stephens","title":"Vulnerable and outdated components","subtitle":"Your code has more dependencies than ever, but are they secure?","seoKeywords":["Vulnerable software","Vulnerable and outdated components","Outdated software"],"seoTitle":"How to Manage Vulnerable and Outdated Components | Snyk Learn","cves":[],"cwes":["CWE-1344","CWE-1104","CWE-1035","CWE-937"],"description":"A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.","ecosystem":"javascript","ecosystems":["javascript","cpp","python"],"rules":[],"slug":"vulnerable-and-outdated-components","published":true,"url":"https://learn.snyk.io/lesson/vulnerable-and-outdated-components/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3EqSiclZts8johxNx8Ryup/5f70593b281127b4b87958824b4c1c26/Vulnerable_and_outdated_components.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ecc4b01f-0aca-4b7c-6a00-2f6f039bc4e9","datePublished":"2023-02-14","author":"Ruben Bos","title":"Null dereference","subtitle":"The dangers of accessing null objects","seoKeywords":["null dereference","null pointer deference","null pointer vulnerability","null dereference vulnerability"],"seoTitle":"What is a null dereference? | Tutorial & examples","cves":[],"cwes":["CWE-476","CWE-465"],"description":"Learn about null dereference and null pointer deference. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"cpp","ecosystems":["cpp"],"rules":[],"slug":"null-dereference","published":true,"url":"https://learn.snyk.io/lesson/null-dereference/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5hyy9meZn31ETlz5ZylIni/e8713e99bf45dbee1ac0fa1be4475d20/Null_dereference.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5a5768a1-98eb-450d-1fd6-53aacbacb8da","datePublished":"2024-03-15","title":"Excessive agency","subtitle":"AI overstepping its bounds: understanding and mitigation","seoTitle":"What is excessive agency? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn about excessive agency (LLM08), in the OWASP Top 10 for LLM applications. We'll look at what it is, how it works, and how to mitigate it.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"excessive-agency","published":true,"url":"https://learn.snyk.io/lesson/excessive-agency/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4crQWHoQLW6KwWZB1O6wXl/4f23abfdebe19f624bb18f8ac8e01db8/excessive_agency.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"d56e33ae-865e-568a-1b3d-ab3e49507e8f","datePublished":"2024-04-22","title":"Denial of service","subtitle":"Bringing down and LLM with DoS","seoTitle":"What is an LLM denial of service? | Tutorial & examples","cves":[],"cwes":[],"description":"In this lesson, we'll look at how Denial of Service (DoS) attacks work, why they occur, and how to prevent them. We'll specifically be focusing on LLMs and OWAPS's LLM04.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"llm-denial-of-service","published":true,"url":"https://learn.snyk.io/lesson/llm-denial-of-service/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/ZvRf95TIjO5XcPEsABadC/b398aaa8983adacea70cee2f7d658cd4/dos.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"8dbf8638-4f22-5086-c526-305a4fd4e47a","datePublished":"2024-05-06","title":"Insecure plugins for LLMs","subtitle":"External plugins bring extra functionality and extra danger","seoTitle":"What are insecure plugins in LLMs? | Tutorial and examples","cves":[],"cwes":[],"description":"Learn how an attacker can exploit insecure plugins in LLM-based applications and compare them to similar attacks like resource exhaustion with examples.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"llm-insecure-plugins","published":true,"url":"https://learn.snyk.io/lesson/llm-insecure-plugins/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2jevQDbNYmlUJuus6rbjaM/8c3968cc60e8e0c6c2ae171260f4e4ea/insecure-plugins.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"daf32036-ef2e-5958-bd23-b1e4d79844f0","datePublished":"2024-02-15","title":"Prompt injection","subtitle":"AI manipulation tactics: understanding and mitigation","seoTitle":"What is prompt injection? | Tutorial and examples","cves":[],"cwes":[],"description":"Learn about prompt injection or LLM01, in the OWASP Top 10 for LLM applications. We'll look at prompt injection, how it works, and how to mitigate it.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"prompt-injection","published":true,"url":"https://learn.snyk.io/lesson/prompt-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2c6X0kUEBVES7qF06wyHNO/71a5db3945f06cfa1d0928ccdf234e50/prompt_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"dab0c0fa-b0c0-55b0-530f-9d689119544b","datePublished":"2024-05-24","title":"Overreliance on LLMs","subtitle":"Dealing with incorrect or inappropriate content generated by LLMs","seoTitle":"What is overreliance on LLMs? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how you can introduce vulnerabilities into your code by overreliance on LLMs. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"overreliance-on-llms","published":true,"url":"https://learn.snyk.io/lesson/overreliance-on-llms/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2jrHtTup0JHkQ6elwqnroO/48be3f29e147fbf41550ba0f7326d431/overreliance-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0e893170-7845-4597-4db2-5af106440b55","datePublished":"2024-06-07","title":"Insecure output handling in LLMs","subtitle":"Even your LLMs need to sanitize data!","seoTitle":"Insecure output handling in LLMs | Tutorials & Examples","cves":[],"cwes":[],"description":"Learn how your LLM can create vulnerabilities by not sanitizing data and creating insecure output. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"insecure-input-handling","published":true,"url":"https://learn.snyk.io/lesson/insecure-input-handling/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5tTUj9UtYedv4onsqMuGSo/9bcd7b2ffb404b11e44bf14466fbb8d4/output-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"c9ff4270-c527-4d10-0b47-6991ccfc023a","datePublished":"2024-06-25","title":"Sensitive information disclosure in LLMs","subtitle":"Can your LLM keep a secret?","seoTitle":"What is sensitive information disclosure in LLMs? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how your LLM might give away too much data, including sensitive information. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"sensitive-information-disclosure-llm","published":true,"url":"https://learn.snyk.io/lesson/sensitive-information-disclosure-llm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1jpYPV3FAIBUlDGyXZTeXn/80169d9b94201ae78f59a9a2451fc88d/sensitive-info-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"ef1a72bf-6de5-501b-aace-e39d970e9d0b","datePublished":"2024-07-22","title":"Training data poisoning","subtitle":"Is the data in your dataset correct? ","seoTitle":"What is training data poisoning? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how your LLM can become insecure and unreliable with training data poisoning. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"training-data-poisoning","published":true,"url":"https://learn.snyk.io/lesson/training-data-poisoning/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6LKlXUmRZbsm1RI5DVkJh7/7c0f07537979bb83a794cf9d06fe46ec/training-data-poisoning-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f7eea628-0ba4-5475-400c-f6392e408e38","datePublished":"2024-08-13","title":"Supply chain vulnerabilities","subtitle":"When a trusted third party becomes untrustworthy","seoTitle":"What are supply chain vulnerabilities in LLMs? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how your LLM can become vulnerable due to threats within the supply chain. We'll look at examples and mitigation techniques.","ecosystem":"aiml","ecosystems":["aiml"],"rules":[],"slug":"supply-chain-vulnerabilities-llm","published":true,"url":"https://learn.snyk.io/lesson/supply-chain-vulnerabilities-llm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1ffYhZsTYSfTTD36Uyz7jW/bb35aca0d7fee0d8a9e74d651689a1a6/supply-chain-llm.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f39d9231-6cb2-512b-bdca-dea8be7b587d","datePublished":"2024-07-29","title":"Security Analytics with Snowflake","subtitle":"An introduction to performing analytics with Snowflake","seoKeywords":["Snyk","Snowflake","analytics","reports"],"seoTitle":"Security Analytics with Snowflake","cves":[],"cwes":[],"description":"Unlocking powerful new analytical tools to better understand and visualize Snyk data with your data in Snowflake","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"security-analytics-with-snowflake","published":true,"url":"https://learn.snyk.io/lesson/security-analytics-with-snowflake/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":["Analytics","Integrations","Reporting"],"educationContentCategory":"product training"},{"lessonId":"0976bce6-4529-4079-d0c2-3ec0a17833ac","datePublished":"2023-09-26","title":"Using Snyk with CI/CD","subtitle":"Three different use cases for using Snyk with CI/CD","seoTitle":"Using Snyk with CI/CD | Snyk Training","cves":[],"cwes":[],"description":"Learn why to use Snyk in a CI/CD pipeline, different ways of deployment, and three different use cases for using Snyk with CI/CD.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"using-snyk-with-ci-cd","published":true,"url":"https://learn.snyk.io/lesson/using-snyk-with-ci-cd/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2GAedypbAnsKbUdVqouKYh/b8fc9ee79b3245091ad0da00feb70237/CD.svg","topics":["CI/CD"],"educationContentCategory":"product training"},{"lessonId":"3a1226d9-79e2-4f2c-b3b9-c811a301d558","datePublished":"2023-09-18","title":"Opening a Jira issue","subtitle":"Initiate a Jira issue from Snyk","seoTitle":"Opening a Jira issue | Snyk Training","cves":[],"cwes":[],"description":"Learn to initiate a Jira issue for an issue right from the Snyk Web UI.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"jira-issue","published":true,"url":"https://learn.snyk.io/lesson/jira-issue/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1Zi4gBzwxeMQuRBEHQNGQJ/9ab7fa64555c57ee45d24aab5146f4d5/Open_Jira_issue.svg","topics":["Issues"],"educationContentCategory":"product training"},{"lessonId":"b9ae4e27-5f73-4e57-d08a-f9744390a122","datePublished":"2023-09-18","title":"Configuring notifications","subtitle":"Send alerts, change settings, set defaults","seoTitle":"Configuring notifications | Snyk Training","cves":[],"cwes":[],"description":"Prepare for developer adoption of Snyk by setting appropriate notification defaults for new organizations created and new projects imported.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"configuring-notifications","published":true,"url":"https://learn.snyk.io/lesson/configuring-notifications/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4YN4VG2Uhv9nq8JytQyfmb/9227d51afd04d6e747d23d119ca3e72d/Notifications.svg","topics":["Notifications"],"educationContentCategory":"product training"},{"lessonId":"8394297f-e86c-50ac-3dd9-83da245b1553","datePublished":"2023-09-19","title":"Integrating Snyk at your company","subtitle":"Snyk across the SDLC","seoTitle":"Integrating Snyk at your company | Snyk Training","cves":[],"cwes":[],"description":"Consider how you want to adopt Snyk across your SDLC and learn about the Snyk Developer Adoption Model to determine where you are in your security journey.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"integrate-snyk-at-your-company","published":true,"url":"https://learn.snyk.io/lesson/integrate-snyk-at-your-company/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1SGM19Yonc38lpiHs4e7Ii/055b18854e818b4a0e1bb3253fab6a35/Ways_to_integrate_Snyk_at_your_company.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"a0ed85b5-a5ba-4647-6ba4-9776782acaf5","datePublished":"2023-09-19","title":"Intro to Snyk for developers","subtitle":"Perform security tests and understand the results","seoTitle":"Intro to Snyk for developers | Snyk Training","cves":[],"cwes":[],"description":"Learn about how Snyk can help you develop securely, including how to find and fix issues with the Snyk IDE plugin and in the Snyk CLI.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-for-developers","published":true,"url":"https://learn.snyk.io/lesson/snyk-for-developers/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/bh2H1IP8bSwAqaFxemrfW/77e58bf62ad5146cb073985f33d28756/Intro_to_Snyk_for_Developers.svg","topics":["Security knowledge","Issues"],"educationContentCategory":"product training"},{"lessonId":"846e5eb4-eb14-5344-0ba3-3e457be6394d","datePublished":"2023-09-25","title":"Security policy management","subtitle":"Automate how you identify certain issues","seoTitle":"Security policy management | Snyk Training","cves":[],"cwes":[],"description":"Learn to define the conditions and actions for new security policies and apply them based on attributes or Organizations.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"security-policy-management","published":true,"url":"https://learn.snyk.io/lesson/security-policy-management/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/17bQY4f2GS8Tr8SlCULla6/126c65d18a1137f1b44df646b4c365b8/Introduction_to_Security_Policies.svg","topics":["Enterprise","Issues","Policies"],"educationContentCategory":"product training"},{"lessonId":"bbef0989-51bb-506a-ea5b-c8253754b4bc","datePublished":"2023-09-26","title":"Snyk Reports","subtitle":"Getting the most out of Snyk Reports","seoTitle":"Snyk Reports | Training","cves":[],"cwes":[],"description":"Learn how development and security teams can use Snyk reports for prioritization, responsibility, and accountability.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-reports","published":true,"url":"https://learn.snyk.io/lesson/snyk-reports/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5Q5VHb3df4uIn2nqogNkw8/9a54be51a61dadfdf5299db62a988844/Using_Snyk_Reports.svg","topics":["Issues","Reporting"],"educationContentCategory":"product training"},{"lessonId":"8e525046-5550-4d70-7b01-c0e85c12b983","datePublished":"2023-09-12","title":"Ignoring issues","subtitle":"Prioritize and deprioritize issues","seoTitle":"Ignoring issues | Snyk Training","cves":[],"cwes":[],"description":"In this training lesson, learn to ignore issues in the Snyk UI as a prioritization strategy.\n","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"ignoring-issues","published":true,"url":"https://learn.snyk.io/lesson/ignoring-issues/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7FnFZj32prmgCkx0rBd9JK/9fa223684186cacd5f6d86dc2838d33c/Ignore_issues_in_Snyk_UI.svg","topics":["UI","Issues"],"educationContentCategory":"product training"},{"lessonId":"c7574b9f-0847-55a2-d220-4b3756f6c4bd","datePublished":"2023-09-13","title":"Finding source code issues","subtitle":"Using Snyk Code in your Git Code Repositories","seoTitle":"Finding source code issues | Snyk Training","cves":[],"cwes":[],"description":"Learn to use the Snyk Web UI to find code issues. Take a closer look at the Projects page and the Issue card for code Projects and issues.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"finding-source-code-issues","published":true,"url":"https://learn.snyk.io/lesson/finding-source-code-issues/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/39gsymitlRJsPjhiVWNqUb/ebbdab8cfc311ca45db0709c4f6bf419/Find_code_issues.svg","topics":["Snyk Code","Issues"],"educationContentCategory":"product training"},{"lessonId":"bd843100-b99c-466f-515d-aedaeb9406ea","datePublished":"2023-09-18","title":"Roles and permissions in enterprise","subtitle":"Members, permission, and more","seoTitle":"Roles and permissions in enterprise | Snyk Training","cves":[],"cwes":[],"description":"Learn to invite members to your Organization and set the permissions on who can ignore issues.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"roles-and-permissions-in-enterprise","published":true,"url":"https://learn.snyk.io/lesson/roles-and-permissions-in-enterprise/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3wPYwiE4OQK7kvboCw7znA/563506f8d7d77656cc075f9a22ff9358/Members_and_Permissions.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"ec0cb53f-11aa-4c03-c1c3-588b149a806e","datePublished":"2023-09-18","title":"Importing a Project","subtitle":"Strategies for importing a project","seoTitle":"Importing a Project | Snyk Training","cves":[],"cwes":[],"description":"Learn how Snyk identifies a project. You'll also learn different ways to import projects and understand considerations for importing projects in bulk.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"importing-a-project","published":true,"url":"https://learn.snyk.io/lesson/importing-a-project/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6vdx6f0j8EL8wjcRLX8ws5/058032dda89ae175b0f9d5ccbe887141/Project_import_strategies.svg","topics":["Project imports"],"educationContentCategory":"product training"},{"lessonId":"c48d1a39-8760-4e5f-d581-206e9d367dc4","datePublished":"2023-09-15","title":"Snyk CLI and Snyk Open Source","subtitle":"Install and authenticate the CLI","seoTitle":"Snyk CLI and Snyk Open Source | Snyk Training","cves":[],"cwes":[],"description":"Learn to authenticate the local CLI to your Snyk account. You'll also learn how to review results for Snyk test and Snyk monitor commands.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-cli","published":true,"url":"https://learn.snyk.io/lesson/snyk-cli/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4fS7VlU1hub37JL2s6ibzR/18583cf9dd95267010a538c86397145c/Introduction_to_Snyk_CLI.svg","topics":["Snyk Open Source"],"educationContentCategory":"product training"},{"lessonId":"8b0e05c1-4ce5-4c41-32d2-3075ac6ceb83","datePublished":"2023-09-15","title":"Snyk implementation kickoff","subtitle":"Getting started, all in one video","seoTitle":"Snyk implementation kickoff | Snyk Training","cves":[],"cwes":[],"description":"Learn the best practices for preparing to roll out Snyk to your teams, including a Snyk overview, rollout considerations, the maturity of your security program, and more.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-implementation-kickoff","published":true,"url":"https://learn.snyk.io/lesson/snyk-implementation-kickoff/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6Pc1qjeNxHZENj1VXTJ0Hv/f7ea132b5bf3f2685a7836c1cb036661/Snyk_Implementation_Kickoff.svg","topics":["Enterprise"],"educationContentCategory":"product training"},{"lessonId":"53ee635e-9b36-456a-9328-290b2aa7896a","datePublished":"2023-09-13","title":"Intro to Snyk UI","subtitle":"Welcome to the Snyk UI","seoTitle":"Intro to Snyk UI | Snyk Training","cves":[],"cwes":[],"description":"Learn to use Snyk to find, prioritize, and fix issues for Open Source, Code, Container, and IaC files.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"intro-to-snyk-ui","published":true,"url":"https://learn.snyk.io/lesson/intro-to-snyk-ui/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3osKqb28iRKqzO1pfHeoTC/5ca89da5bd22db5b12f67ebf283a1706/Introduction_to_the_Snyk_UI.svg","topics":["UI"],"educationContentCategory":"product training"},{"lessonId":"092a66d9-c5c8-4b77-9855-49e6183bdb14","datePublished":"2023-09-29","title":"Intro to Snyk for administrators","subtitle":"Configure key settings in Snyk","seoTitle":"Intro to Snyk for administrators | Snyk Training","cves":[],"cwes":[],"description":"Learn the best practices for configuring your Snyk Organization to align your integration settings with your security maturity and manage aspects of your Organization.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-for-administrators","published":true,"url":"https://learn.snyk.io/lesson/snyk-for-administrators/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2YBEsl4r9nWeVeI4Z5OCdG/c828935a3bc1bf7a2c11ae00231d3806/Intro_to_Snyk_for_Administrators.svg","topics":["Admin"],"educationContentCategory":"product training"},{"lessonId":"4963cdf2-dc45-4901-7a70-d91ae0a78785","datePublished":"2023-09-28","title":"Configuring Snyk with your source control manager","subtitle":"Integrations and automations","seoTitle":"Configuring Snyk with your source control manager | Snyk Training","cves":[],"cwes":[],"description":"Learn to configure an example source code manager integration to make the best use of automations for your stage of the Snyk Developer Adoption model.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"configure-snyk-scm","published":true,"url":"https://learn.snyk.io/lesson/configure-snyk-scm/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/VB3xULgcm0yT5mGYyTrvU/d8ef6a67e9d304537d2e5604ea7bc3f7/Source_Code_Manager_Configurations.svg","topics":["Integrations"],"educationContentCategory":"product training"},{"lessonId":"88f2507c-75cf-4de3-1bbf-5156f71a7e0a","datePublished":"2023-09-28","title":"Creating custom rules for Snyk Code","subtitle":"Rules, queries, and policies","seoTitle":"Creating custom rules for Snyk Code | Snyk Training","cves":[],"cwes":[],"description":"Learn about how to use Snyk Code custom rules and get a high-level overview of the custom editor for Snyk Code and its capabilities.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"custom-rules-for-snyk-code","published":true,"url":"https://learn.snyk.io/lesson/custom-rules-for-snyk-code/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4GM2r47uSze1so5vk7CeoH/df9a9179d9e70bddbecc0ba7b394a151/Snyk_Code_Custom_Rules.svg","topics":["Snyk Code","Issues"],"educationContentCategory":"product training"},{"lessonId":"1480d2fa-5a82-4b3a-923d-517f8a69977b","datePublished":"2023-09-28","title":"Fixing open source vulnerabilities","subtitle":"Fixing all those pesky issues","seoTitle":"Fixing open source vulnerabilities | Snyk Training","cves":[],"cwes":[],"description":"In this training lesson, learn to open a fix PR from the Snyk Web UI if your language/package manager supports it.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"fixing-issues","published":true,"url":"https://learn.snyk.io/lesson/fixing-issues/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/46uprjwhytZ1VW831CUar4/2f15aae7c83033c3860e216388b937b3/Fix_Issues.svg","topics":["Issues"],"educationContentCategory":"product training"},{"lessonId":"f16e894b-8548-578f-9ace-7af3e9697e70","datePublished":"2023-09-29","title":"CircleCI Implementation","subtitle":"Add Snyk scanning to your build pipeline","seoTitle":"CircleCI Implementation | Snyk Training","cves":[],"cwes":[],"description":"This session gives a quick walkthrough on how to add Snyk scanning into your build pipeline using the Snyk Orb in CircleCI.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"circleci-implementation","published":true,"url":"https://learn.snyk.io/lesson/circleci-implementation/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3GWkHtTbo8n4k3QaJV7p1h/a9b1a86c9919f287bfe570ab20c767e4/Implement_Snyk_with_CircleCI__1_.svg","topics":["CI/CD","CircleCI"],"educationContentCategory":"product training"},{"lessonId":"ab536968-4827-5052-17a7-a7d4cc3de49e","datePublished":"2023-09-29","title":"Integrating and using Snyk with CircleCI","subtitle":"Learn about orbs, tokens, and scans","seoTitle":"Integrating and using Snyk with CircleCI | Snyk Training","cves":[],"cwes":[],"description":"Learn to configure and run the Snyk scan step in your CircleCI builds, including activating Snyk Orb, editing the configuration template, reviewing the results, and more","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"integrating-snyk-circleci","published":true,"url":"https://learn.snyk.io/lesson/integrating-snyk-circleci/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/rO5uKBk2dRVD95GjsCrEQ/95d2de66ab0d995f116e61c2e0ee11aa/Implement_Snyk_with_CircleCI.svg","topics":["CircleCI"],"educationContentCategory":"product training"},{"lessonId":"b7777a05-390b-4b0a-f806-094a0c529668","datePublished":"2023-09-29","title":"Open source license policy management","subtitle":"Identify if you are using packages with certain types of licenses","seoTitle":"Open source license policy management | Snyk Training","cves":[],"cwes":[],"description":"Learn to define how Snyk identifies open-source packages that use certain licenses. Include guidance for developers on addressing issues that don't meet license policy.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"license-policy-management","published":true,"url":"https://learn.snyk.io/lesson/license-policy-management/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5HQpB9HLfAuO7Tkj6rXIbZ/9081f5554767a0eb3e3acb503b6d9f92/Introduction_to_License_Policies.svg","topics":["Snyk Open Source"],"educationContentCategory":"product training"},{"lessonId":"576e1c02-8353-4897-5840-e84437793768","datePublished":"2023-09-12","title":"Creating Infrastructure as Code (IaC) custom rules","subtitle":"Learning how to create IaC custom rules","seoTitle":"Creating Infrastructure as Code (IaC) Custom Rules | Snyk Training","cves":[],"cwes":[],"description":"In this lesson, we will learn how to create a custom infrastructure as code rule using an example to ensure public EC2 instances are not used.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"iac-custom-rules","published":true,"url":"https://learn.snyk.io/lesson/iac-custom-rules/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":["IaC"],"educationContentCategory":"product training"},{"lessonId":"0537d045-fe98-451a-b95c-c00b8c9e58fc","datePublished":"2023-09-29","title":"Prioritize issues using the Snyk Web UI","subtitle":"Using filters for prioritization","seoTitle":"Prioritize issues using the Snyk Web UI | Snyk Training","cves":[],"cwes":[],"description":"Learn to use filters in the Snyk UI for prioritizing the list of issues.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"prioritize-issues-snyk","published":true,"url":"https://learn.snyk.io/lesson/prioritize-issues-snyk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1YQVikEEVyIHgeYX8kVgRq/778ceb052d51311086a5c64e269c21ca/Prioritize_issues_in_the_Snyk_Web_UI.svg","topics":["Issues"],"educationContentCategory":"product training"},{"lessonId":"a8bd2a25-3027-4f73-c024-179a66bfe3bc","datePublished":"2023-09-28","title":"Configuring Snyk with Bitbucket","subtitle":"How Default Snyk Tests on PRs work in Bitbucket","seoTitle":"Configuring Snyk with Bitbucket | Snyk Training","cves":[],"cwes":[],"description":"See how Default Snyk Tests on PRs work in Bitbucket, including the configuration for an Organization or a Project and how to review and skip blocked builds.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"snyk-with-bitbucket","published":true,"url":"https://learn.snyk.io/lesson/snyk-with-bitbucket/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1ckRWa4qYjZgpuJpjLe50U/05e8a944796767369d0175b827bb2c89/Use_Snyk_to_block_builds_in_Bitbucket.svg","topics":["CI/CD"],"educationContentCategory":"product training"},{"lessonId":"3da939df-0493-4549-d3c5-1200d26bc5d7","datePublished":"2023-09-29","title":"SSO, authentication, and user provisioning","subtitle":"Provisioning new users via single sign-on (SSO)","seoTitle":"SSO, authentication, and user provisioning | Snyk Training","cves":[],"cwes":[],"description":"Learn about the options for provisioning new users via single sign-on (SSO). You'll also prepare for completing the SSO setup process.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"sso-authentication-provisioning","published":true,"url":"https://learn.snyk.io/lesson/sso-authentication-provisioning/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/6BMaVSsPnmTrOkX8vfbKXQ/7299c723bb827834d1ad1d6f10462c41/SSO__authentication__and_user_provisioning.svg","topics":["Authentication"],"educationContentCategory":"product training"},{"lessonId":"afabff79-c8f2-513e-b5a1-b42e455fb5db","datePublished":"2023-09-29","title":"Secure development with Snyk","subtitle":"Secure your applications with Snyk","seoTitle":"Secure development with Snyk | Snyk Training","cves":[],"cwes":[],"description":"Learn how the Snyk Platform, Snyk Advisor, and learning platform help develop a secure application.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"secure-development-with-snyk","published":true,"url":"https://learn.snyk.io/lesson/secure-development-with-snyk/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4MPNigsPIsyVptsiiQ19jO/8a33bd394f63b0e0d0120734403e9e00/Introduction_to_Secure_Development.svg","topics":["Security knowledge"],"educationContentCategory":"product training"},{"lessonId":"58b937bb-a5dc-4775-f4fc-05d22c609764","datePublished":"2023-07-31","title":"Unrestricted upload of files with dangerous types","subtitle":"File upload functionality can present a huge risk to your application if implemented incorrectly!","seoKeywords":["Unrestricted upload of files","Unrestricted file upload","Insufficiently restricted file uploads"],"seoTitle":"What is unrestricted file upload? | Tutorial & examples","cves":[],"cwes":["CWE-434"],"description":"Learn about the dangers of file uploads and the inefficiently restricted file uploads with dangerous types. Learn to mitigate and fix the vulnerability from experts.","ecosystem":"javascript","ecosystems":["javascript","cpp","csharp"],"rules":[],"slug":"unrestricted-file-upload","published":true,"url":"https://learn.snyk.io/lesson/unrestricted-file-upload/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5yf7zcwd02FxPJRB9DBZbL/d3f869fcdb60abb50e53c73a228a3bac/unrestricted_upload.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"6a81f9c2-f9db-4d13-7893-86ee604148c9","datePublished":"2022-11-04","author":"Luke Stephens","title":"No rate limiting","subtitle":"Stopping attackers one request at a time","seoKeywords":["Api rate limiter","No rate limiting vulnerability owasp","What flaws can lead to exposure of resources","What is rate limiting","Rate limit API","Rate limiting"],"seoTitle":"No Rate Limiting | Tutorial & Examples","cves":[],"cwes":["CWE-134","CWE-307","CWE-770"],"description":"Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.","ecosystem":"javascript","ecosystems":["python","javascript","golang","php","java","csharp"],"rules":[],"slug":"no-rate-limiting","published":true,"url":"https://learn.snyk.io/lesson/no-rate-limiting/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4pbdHbsXrXBcyfKXjTQCyW/a942e7cd24ff7a27c5a8c5291201e44e/No_rate_limit.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"81d9c886-52aa-48c8-3a73-6fecb7df8a1a","datePublished":"2024-04-04","title":"Double free","subtitle":"Free your memory but be careful","seoTitle":"What is double free? | Tutorial and examples","cves":[],"cwes":["CWE-415"],"description":"Learn about the memory management flaw, double free, that occurs when a program releases the same memory block twice. Learn to mitigate and remediate the vulnerability.","ecosystem":"cpp","ecosystems":["cpp"],"rules":[],"slug":"double-free","published":true,"url":"https://learn.snyk.io/lesson/double-free/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5yLGB7jPXGU75N3kt4vsZ2/2eb7265251f4a6b5e8d8932ac5d2d119/double_free.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5e271a5b-a14a-4683-3a1b-68ae96b23dae","datePublished":"2022-11-18","title":"NoSQL injection attack","subtitle":"Attacking non-relational databases","seoKeywords":["Nosql injection","Mongodb injection","Nosql security","Sql injection mongoDB","Nosql attack","Nosql attack example","Mongodb injection attack","Nosql injection payload"],"seoTitle":"NoSQL Injection attack | Tutorials & Examples","cves":[],"cwes":["CWE-943"],"description":"Learn how NoSQL Injection attacks work, and compare them to the similar SQL injection attacks with examples and remediation information","ecosystem":"javascript","ecosystems":["javascript","cpp","csharp"],"rules":[],"slug":"nosql-injection-attack","published":true,"url":"https://learn.snyk.io/lesson/nosql-injection-attack/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/27nfnbvp15tBZLiZHXeASQ/ef09aaf6e9ebba1db07a2e73b8d39a8f/NoSQL_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"f1ea0321-3209-4ab6-c561-6183a16bf12c","datePublished":"2023-04-04","author":"Michael Biocchi","title":"Mass assignment","subtitle":"Be careful with parameters that are automatically bound from requests to objects","seoKeywords":["mass assignment","mass assignment vulnerability example"],"seoTitle":"What is mass assignment? | Tutorial & examples","cves":[],"cwes":["CWE-915"],"description":"Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript","php"],"rules":[],"slug":"mass-assignment","published":true,"url":"https://learn.snyk.io/lesson/mass-assignment/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2tslH7kFz8ynLUN05Y6I9Z/d09cfe2deba605b5b062737b0d6038cb/Mass_assignment.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"552843d9-4ac7-438e-e7a4-f94c0bcdd5cc","datePublished":"2024-02-06","title":"runc process.cwd Container breakout vulnerability","subtitle":"Looking at Leaky Vessels CVE-2024-21626","seoTitle":"CVE-2024-21626 Container breakout | Tutorial & examples","cves":["CVE-2024-21626"],"cwes":[],"description":"In this lesson, we will look at a very specific container breakout vulnerability, CVE-2024-21626. We'll look at the vulnerability in action and the mitigation.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"cve-2024-21626-runc-process-cwd-container-breakout","published":true,"url":"https://learn.snyk.io/lesson/cve-2024-21626-runc-process-cwd-container-breakout/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4YPEH5mApntedSVXZDcqk1/7d06677b2085cbf97fcb55ae10869638/leaky_vessels.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"0bc16151-c6c6-4064-7e03-105407efbd60","datePublished":"2024-01-18","title":"Insecure default variable initialization","subtitle":"Default values can lead to unsafe outcomes","seoTitle":"What are insecure defaults? | Tutorial & examples","cves":[],"cwes":["CWE-453"],"description":"Learn what insecure default variable initialization is, how to mitigate it, and how to remediate the vulnerability with real-world examples from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insecure-defaults","published":true,"url":"https://learn.snyk.io/lesson/insecure-defaults/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5Wdo4KqNlg757HRSNwFXX4/e531b3b36ed18f3935a9d7d407170461/Insecure_defaults.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5f84f5a2-5714-518d-064b-56741dd83fe6","datePublished":"2023-12-15","title":"Expression Language injection (ELI)","subtitle":"Protect your applications against Expression Language injection","seoTitle":"What is Express Language injection? | Tutorial & examples","cves":[],"cwes":["CWE-917"],"description":"Learn how Expression Language injection (ELI) works and how to protect your applications against it with real-world examples from security experts.","ecosystem":"java","ecosystems":["java"],"rules":[],"slug":"express-language-injection","published":true,"url":"https://learn.snyk.io/lesson/express-language-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1TkxLVsTGkaJHXZ5A5C7Uq/98390e495f83fbacf32fde380985b32a/Express_Language_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5029bacf-9ab9-4786-f7a5-7ea055a66104","datePublished":"2022-03-25","title":"Insecure deserialization","subtitle":"Improper handling of serialized data containing user input","seoTitle":"Insecure Deserialization | Tutorials & Examples","cves":["CVE-2022-23302","CVE-2022-23307"],"cwes":["CWE-502"],"description":"Learn how an insecure deserialization attack works, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"java","ecosystems":["java","python","javascript"],"rules":[],"slug":"insecure-deserialization","published":true,"url":"https://learn.snyk.io/lesson/insecure-deserialization/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/19r8TvFIedijMhexf5BNBZ/5bfc99a1cfa63abb4cbcfe858e7d71a6/Insecure_Deserialisation.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"773d6446-6ed0-5252-41d2-6fd839823109","datePublished":"2023-11-24","title":"Man-in-the-middle (MITM) attack","subtitle":"The dangers of intercepted connections","seoTitle":"What is a man in the middle attack? | Tutorial & examples","cves":[],"cwes":[],"description":"Learn about man-in-the-middle attacks and the different forms they come in. We'll look at different examples and how to prevent them.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"man-in-the-middle-attack","published":true,"url":"https://learn.snyk.io/lesson/man-in-the-middle-attack/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4jfoG8kEyRfcF8a2dMzDZJ/a8dc3889f4d5d939c40befc284614c95/man-in-the-middle.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"e1067383-80d5-5858-0ab0-93d7e9a8c62b","datePublished":"2023-11-21","title":"Common Vulnerabilities and Exposures (CVE)","subtitle":"Keeping track of vulnerabilities with CVE vulnerability database","seoTitle":"Common Vulnerabilities and Exposures (CVE) | Tutorial & examples","cves":[],"cwes":[],"description":"In this lesson, we describe how the CVE program brings standardization and information sharing to the vulnerability management activities of cybersecurity teams.","ecosystem":"general","ecosystems":["general"],"rules":[],"slug":"cve","published":true,"url":"https://learn.snyk.io/lesson/cve/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3WFwOJC56FwkDGiCQWUm15/7c00fe2dbe3610e41be2facb95dcbac9/CVE.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7abf05eb-210d-502e-a1ad-062084a0d205","datePublished":"2022-08-05","author":"Luke Stephens","title":"Cross site request forgery (CSRF)","subtitle":"Combining malicious code and social engineering","seoKeywords":["csrf","Cross site request forgery","Csrf token","Csrf attack","Cross site request forgery token","What is csrf","Csrf example","Csrf detected"],"seoTitle":"CSRF Attack | Tutorial & Examples","cves":["CVE-2022-35229","CVE-2022-34792"],"cwes":["CWE-352"],"description":"Learn how a cross site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts. ","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"csrf-attack","published":true,"url":"https://learn.snyk.io/lesson/csrf-attack/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/3u8ecU0HGLMLMS7bWnpPaT/f67be1d9109be7a21181808147888825/CSRF.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"5c4b9dcd-d92b-50cf-e47f-e342a85689d3","datePublished":"2023-11-03","title":"PHP object injection","subtitle":"Learn about a common, critical vulnerability in PHP applications","seoTitle":"What is PHP object injection? | Tutorial & example","cves":[],"cwes":["CWE-502","CWE-915"],"description":"Learn how a PHP object injection attack works and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"php","ecosystems":["php"],"rules":[],"slug":"object-injection","published":true,"url":"https://learn.snyk.io/lesson/object-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/21J2vDwXfgLxIIB7bnlb75/0841fd0beaef124b042d21feec719e0c/Object_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"60d2f08b-76e2-5271-03b6-b87c1567ab74","datePublished":"2023-10-26","author":"Ruben Bos","title":"Uncaught exception","subtitle":"Catch 'em all: protect your app from uncaught exceptions","seoTitle":"What is an uncaught exception? | Tutorial & examples","cves":[],"cwes":["CWE-248"],"description":"Learn about uncaught exceptions and the vulnerabilities they can cause. What are they? How can you prevent them? Learn to mitigate and remediate this vulnerability.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"uncaught-exception","published":true,"url":"https://learn.snyk.io/lesson/uncaught-exception/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2dJcekNGSnfK9E31DYtlNf/2e1c261486b5c8c37249de4a3fd713b7/Uncaught_exceptions.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"879208fa-bf3a-4ae0-d419-a0091b3e940a","datePublished":"2023-01-11","author":"Luke Stephens","title":"Weak password recovery","subtitle":"Recovering forgotten passwords is not as straightforward as it sounds!","seoKeywords":["weak password recovery","weak password recovery validation attack","weak password recovery mechanism for forgotten password","weak password mitigation"],"seoTitle":"What is weak password recovery? | Tutorial & examples","cves":[],"cwes":["CWE-640"],"description":"A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.","ecosystem":"javascript","ecosystems":["javascript","golang","python"],"rules":[],"slug":"weak-password-recovery","published":true,"url":"https://learn.snyk.io/lesson/weak-password-recovery/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/7A5tr0APQuDGXwXFDuoDoX/664f48468efd1652528b95eebf6c280f/weak_password.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"af39c54a-aac0-43c1-46f7-36cdd1d1e50e","datePublished":"2021-01-07","author":"Patrick Debois","title":"Container is running in privileged mode","subtitle":"A user that has root access in a container with Privileged mode on basically is root on the host system","seoKeywords":["Docker security","securing Docker containers","Kubernetes","Capabilities","Docker cap add","Docker privileged","Docker capabilities","Kubernetes drop all capabilities","Kubernetes securitycontext","securitycontext capabilities"],"seoTitle":"Container runs in privileged mode | Tutorial & examples","cves":[],"cwes":[],"description":"Learn why using privileged mode on a container is a bad idea in almost all cases.","ecosystem":"kubernetes","ecosystems":["kubernetes"],"rules":["SNYK-CC-K8S-1"],"slug":"container-runs-in-privileged-mode","published":true,"url":"https://learn.snyk.io/lesson/container-runs-in-privileged-mode/","source":"cms","img":"https://res.cloudinary.com/snyk/image/upload/v1689095972/snyk-learn/lesson-images/multi_ecosystem_placeholder.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"83fa511d-24be-4e77-f29e-8f3727f66076","datePublished":"2021-09-07","author":"Patrick Debois","title":"Container does not drop all default capabilities","subtitle":"Default capabilities are not as strict as you think","seoKeywords":["Docker security","securitycontext capabilities","Kubernetes securitycontext","Kubernetes drop all capabilities","Docker capabilities","Docker privileged","Docker cap add","Kubernetes","Capabilities","securing Docker containers"],"seoTitle":"Container does not drop all default capabilities | Tutorial & examples","cves":[],"cwes":[],"description":"Learn how to improve Kubernetes security by dropping default capabilities for a container.","ecosystem":"kubernetes","ecosystems":["kubernetes"],"rules":["SNYK-CC-K8S-6"],"slug":"container-does-not-drop-all-default-capabilities","published":true,"url":"https://learn.snyk.io/lesson/container-does-not-drop-all-default-capabilities/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/51sbWrHWiUR7zHNfD1dV6Y/b1a3f163a2cc461df26e06e77cbefff1/Container_default_capabilities_Kubernetes.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"7dcf790f-e327-491c-cc2d-a719b55d76c6","datePublished":"2023-10-03","author":"Luke Stephens","title":"Insufficient encapsulation","subtitle":"Follow the principle of least privilege","seoKeywords":["Insufficient encapsulation"],"seoTitle":"What is an insufficient encapsulation? | Tutorial & examples","cves":[],"cwes":["CWE-1061"],"description":"Learn about insufficient encapsulation. What is it? How can you prevent it?","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insufficient-encapsulation","published":true,"url":"https://learn.snyk.io/lesson/insufficient-encapsulation/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5MEjv8rDLk2Yko6y7e4imG/265521d4c53a0ca8f44a0683ac0d8804/Insufficient_encapsulation.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"adcd9a1c-7f3b-454e-cede-433b33cd1ee7","datePublished":"2023-05-08","author":"Ruben Bos","title":"Use after free","subtitle":"The programmers definition of “gone but not forgotten”","seoTitle":"Use after free vulnerability | Tutorial & Examples","cves":[],"cwes":["CWE-416"],"description":"Learn about use after free vulnerability. Also, learn to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"cpp","ecosystems":["cpp"],"rules":[],"slug":"use-after-free","published":true,"url":"https://learn.snyk.io/lesson/use-after-free/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4dh9V9hsXSzIzXgX0cdcp8/27b5d844f3d1aa2a2d230212b521cf60/Use_after_free.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"be4a2ece-6507-4ed1-f3f1-d5d8d949c899","datePublished":"2021-09-15","author":"Simon Maple","title":"Directory traversal","subtitle":"Unintended disclosure of sensitive files","seoKeywords":["what is directory traversal","directory traversal","Path Traversal","directory traversal attack","directory traversal owasp","directory traversal vulnerability"],"seoTitle":"What is directory traversal? | Tutorial & examples","cves":["CVE-2022-31159","CVE-2022-24785"],"cwes":["CWE-26","CWE-24","CWE-25","CWE-23","CWE-22"],"description":"Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.","ecosystem":"javascript","ecosystems":["javascript","java","python","golang","csharp","php"],"rules":[],"slug":"directory-traversal","published":true,"url":"https://learn.snyk.io/lesson/directory-traversal/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2YuxATp9CjRMfYuOUlo3UA/14a0115da4aa90be1713c51ee8599cca/Directory_Traversal.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"dd39e4a2-b267-4b50-494e-49bca77ad865","datePublished":"2021-12-21","author":"Jessica Williams","title":"Log4Shell vulnerability","subtitle":"Protect your Log4j instances against malicious remote code execution (RCE)","seoKeywords":["log4j vulnerability explained","log4j vulnerability","log4shell","log4j exploit","log4j vulnerability fix","log4j rce","cve-2021-4428","how to fix log4j vulnerability","log4j vulnerability remediation","log4j vulnerability check","log4j impact"],"seoTitle":"What is Log4j vuln aka Log4Shell? | Tutorial & examples","cves":["CVE-2021-44228"],"cwes":[],"description":"Learn how to protect your Log4j instances against malicious remote code execution (RCE) in Java by exploiting a vulnerable application as part of this Snyk Learn lesson.","ecosystem":"java","ecosystems":["java"],"rules":["SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720"],"slug":"log4shell","published":true,"url":"https://learn.snyk.io/lesson/log4shell/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/5rAesOPCyEIjYaIYctyf8b/a872036e4d6b231ea0067c620c70916e/Log4Shell.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"42684a63-5e5d-51a2-3ac5-36c5e74bb201","datePublished":"2022-07-18","author":"Luke Stephens","title":"DOM XSS","subtitle":"Cross-site scripting attacks in the document object model","seoKeywords":["Dom based xss","Dom xss","Dom cross site scripting","Cross site scripting dom","Dom based xss examples","Dom xss payloads","Window location xss"],"seoTitle":"DOM Based XSS | Tutorial & Examples | Snyk Learn","cves":["CVE-2022-31103","CVE-2022-25069","CVE-2022-1555"],"cwes":["CWE-79"],"description":"Learn how DOM based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"dom-based-xss","published":true,"url":"https://learn.snyk.io/lesson/dom-based-xss/","source":"cms","canonicalUrl":"https://learn.snyk.io/lessons/dom-based-xss/javascript/","img":"https://images.ctfassets.net/4un77bcsnjzw/7dRA4i9r7sBgH4xxpIC44t/2aa237d02dd165b2278fc211cac27f8a/DOM_XSS.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"1ea797ad-59ff-4f18-f554-fcc19f42af62","datePublished":"2023-03-06","author":"Luke Stephens","title":"Insecure temporary file","subtitle":"Protect your applications against the dangers of insecure temporary files","seoKeywords":["insecure temporary file"],"seoTitle":"What is an insecure temporary file? | Tutorial & examples","cves":[],"cwes":["CWE-377","CWE-378","CWE-379"],"description":"Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"insecure-temporary-file","published":true,"url":"https://learn.snyk.io/lesson/insecure-temporary-file/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4m4C7Kq4NZ3hoKrjNYZORO/e67c36041721e63531de3866a883e5ad/insecure_temporary_file.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"d6b2c7ba-6f1f-57cc-a1e9-15d10256ed91","datePublished":"2022-11-14","author":"Luke Stephens","title":"LDAP injection","subtitle":"Improper sanitization of LDAP queries","seoKeywords":["ldap injection","ldap injection attacks","ldap injection example"],"seoTitle":"What is LDAP injection? | Tutorial & examples","cves":[],"cwes":["CWE-90"],"description":"Learn about LDAP injection, and how to mitigate and remediate the vulnerability with real-world examples from security experts.","ecosystem":"python","ecosystems":["python"],"rules":[],"slug":"ldap-injection","published":true,"url":"https://learn.snyk.io/lesson/ldap-injection/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2EuOPRBNZFkjtKvtK5fhk6/1c9019dde075bc02adfbff2ba8616f83/LDAP_injection.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"97f9d95e-71ca-4eda-0d78-441302e117ed","datePublished":"2023-02-24","author":"Luke Stephens","title":"Cleartext storage of sensitive information in a cookie","subtitle":"Learn about the dangers of storing sensitive, unencrypted information in cookies","seoKeywords":["cleartext cookie","cleartext storage"],"seoTitle":"The dangers of storing cleartext sensitive information in a cookie? | Tutorial & examples","cves":[],"cwes":["CWE-315","CWE-312"],"description":"Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"cleartext-sensitive-information-in-cookie","published":true,"url":"https://learn.snyk.io/lesson/cleartext-sensitive-information-in-cookie/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2YPx78V8pPLktJSfSUtfjS/4bed918fd9a9e5a0e5dba38716bdfa74/cleartext_cookie.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"96371673-505f-4991-6fb0-d2dd95967ee4","datePublished":"2023-06-20","author":"Duncan Jepson","title":"Improper input validation","subtitle":"What's the first rule of input validation? Don't trust user input.","seoKeywords":["improper input validation"],"seoTitle":"What is improper input validation? | Tutorial & examples","cves":[],"cwes":["CWE-20"],"description":"Learn about the dangers of improper input validation and why you should never trust user input. Learn to mitigate and fix the vulnerability from experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"improper-input-validation","published":true,"url":"https://learn.snyk.io/lesson/improper-input-validation/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2JmE991hlZnG7zKVHjfV8F/1489d17365463bd494a798061ca29735/Improper_input.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"8d3bd38e-8404-45ba-e21a-77c82bce9390","datePublished":"2022-05-23","author":"Duncan Jepson","title":"Spring4Shell","subtitle":"Exploiting a remote code execution vulnerability","seoKeywords":["Spring4shell poc","Spring4shell exploit","CVE-2022-22965","Spring4shell vulnerability explained","spring4shell vulnerability","spring4shell CVE"],"seoTitle":"Spring4Shell RCE | Tutorials & examples","cves":["CVE-2022-22965"],"cwes":[],"description":"Learn what Spring4Shell is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.","ecosystem":"java","ecosystems":["java"],"rules":["SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751"],"slug":"spring4shell","published":true,"url":"https://learn.snyk.io/lesson/spring4shell/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/2BJOdmLIvBEcX3IvHZBihG/856cac01b86e2c39fbc940c7606636a8/Spring4Shell_Java.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"686b3b4e-3f78-541d-dcf7-14817f372383","datePublished":"2023-08-16","author":"Ruben Bos","title":"Type confusion","subtitle":"The dangers of assuming a type","seoKeywords":["type confusion","finding type confusion bugs","CWE-843"],"seoTitle":"What is type confusion? | Tutorial & examples","cves":[],"cwes":["CWE-843"],"description":"Learn about the dangers of type confusion and the dangers of assuming a type. Learn to mitigate and fix the vulnerability from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"type-confusion","published":true,"url":"https://learn.snyk.io/lesson/type-confusion/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/4mxPecLE5qDDuYinVS4qV0/ae7eaafa51d99cfb24ea448d2b9e2bc0/Type_confusion.svg","topics":[],"educationContentCategory":"security education"},{"lessonId":"6ded5404-b531-4b2e-78b9-42a14d81b3fa","datePublished":"2023-09-08","author":"Luke Stephens","title":"Error messages containing sensitive information","subtitle":"Protect your applications against risky error messages","seoKeywords":["error messages containing sensitive information","CWE-209"],"seoTitle":"What is the risk of error messages with sensitive information? | Tutorial & examples","cves":[],"cwes":["CWE-209"],"description":"Learn about the dangers of generating error messages that contain sensitive information. Learn to mitigate and fix this vulnerability from security experts.","ecosystem":"javascript","ecosystems":["javascript"],"rules":[],"slug":"error-message-with-sensitive-information","published":true,"url":"https://learn.snyk.io/lesson/error-message-with-sensitive-information/","source":"cms","img":"https://images.ctfassets.net/4un77bcsnjzw/1nPcqxtGvqymvT6pGy9iKX/bbbdf40a03cbd942d49d58d41d32f0c6/Generating_error_message_sensitive_info.svg","topics":[],"educationContentCategory":"security education"}],"dataUpdateCount":1,"dataUpdatedAt":1744276953911,"error":null,"errorUpdateCount":0,"errorUpdatedAt":0,"fetchFailureCount":0,"fetchFailureReason":null,"fetchMeta":null,"isInvalidated":false,"status":"success","fetchStatus":"idle"},"queryKey":["listLessonsMetadata"],"queryHash":"[\"listLessonsMetadata\"]","meta":{"isContentQuery":true}}]},"_urlRewrite":null,"pageId":"/src/renderer/all","routeParams":{"*":""}}</script> <script src="/assets/entries/entry-server-routing.BdDa2_58.js" type="module" async></script> <link rel="modulepreload" href="/assets/entries/src_renderer_all.Df8qkHD_.js" as="script" type="text/javascript"> <link rel="modulepreload" href="/assets/chunks/chunk-BY1fY1Wp.js" as="script" type="text/javascript"> <link rel="modulepreload" href="/assets/chunks/chunk-D7HrI6pR.js" as="script" type="text/javascript"> </body> </html>