Public Missions

Get hands on with some of our training exercises. Check out our library of public Missions for a guided experience and to try your hand at some offensive secure coding practices in a real-world app simulation.

3d graphic of a bullseye

Cross-site scripting (XSS) in ‘ChatterGPT’

This mission reveals the familiar interface of a popular LLM, and utilizes a real code snippet generated in late November 2023. Users can interpret this snippet and investigate any potential security pitfalls if it were to be used for its intended purpose.

Blue 3d icon of leaves in a circle.

Spring MvcRequestMatchers

In March 2023, Spring released a fix for an internally discovered vulnerability, called CVE-2023-20860, where the use of a double wildcard ** in mvcRequestMatchers could cause a pattern mismatch between Spring Security and Spring MVC. This could ultimately lead to users gaining unauthorized access to certain endpoints. We've set up a very simplified banking application with a few endpoints. Follow the instructions and try to reproduce the impact of this access control vulnerability.

SQL Injection

We received reports from a user that they were able to exploit an SQL Injection vulnerability in the transaction search feature of the internet bank solution. They stated that they were able to view transactions that belong to other users and pointed out that this vulnerability could allow an attacker to do all sorts of nasty stuff to the database like dropping tables, viewing data from other tables, inserting data etc. Try your hand at replicating what the user did in this mission.

Codestashbin - Insecure Password Reset Function

CodeStashBin is one of the world's largest code version control hosting companies. Rumour has it that the forgot password process is flawed with an insecure password reset function vulnerability. It might be possible to change a privileged user's password and gain access to their account. Jump into this mission to investigate the issue.

Trojan Source - Using Components From Untrusted Sources

One of our Viking Bank developers naively copied some code from an untrusted source on the internet, which potentially contains vulnerable components, to help write an admin authorization check to manage credit cards. We've noticed that users have been changing their credit card limit, even though only admins should have this privilege. We think there's something up with that code. Try out the mission to investigate the code.

Apache Path Traversal - Using Known Vulnerable Components

On October 4th 2021, the Apache team released version 2.4.49 of Apache to address a path traversal and Remote Code Execution vulnerability in Apache 2.4.48, also known as CVE-2021-41773. On October 7th 2021, they released version 2.4.51 due to the fix in the 2.4.50 hotfix not being complete. This vulnerability was tracked as CVE-2021-42013. Try out this mission to see for yourself how this vulnerability can be exploited.

Psychic signatures - Using Known Vulnerable Components

CVE-2022-21449 has the coolest alias for a vulnerability, Psychic Signatures in Java. How did it get that name? It's a reference to Doctor Who's psychic papers. When shown to someone, these blank pieces of paper would be filled in with what they'd expect to see. Something similar happened in the Java (versions 15 till 18) implementation of the ECDSA algorithm, which has an effect on the signature verification of JWTs. We can submit an invalid signature, but Java will think it's valid. Want to see how it works? Let's get started.

Log4j - Using Known Vulnerable Components

The announcement early December 2021 of a 0-day exploit (CVE-2021-44228) in the very popular logging library Log4j, dropped a bombshell in the Java community. The exploit, dubbed Log4Shell affects Log4j v2 versions 2.0-beta9 to 2.14.1, and could lead to remote code execution. We've set up an environment to mock the exploit, so you can see the impact first hand. Try it now.

Secure Code Warrior Learning Platform

Discover the Secure Code Warrior Learning Platform

We secure software through developer-driven security at the start of the software development lifecycle.

Visit Secure Code Warrior