Hacking Headlines

Learn about code vulnerability, why it happens, and how to eliminate it

Select a tutorial and start sharpening your skills!

This is a free version.

Apache Unomi

Apache Unomi is a Java open-source platform for managing customers and tracking their behavior. In this interactive tutorial, you will learn about Remote Code Execution vulnerabilities that have been found recently in Apache Unomi. Play and Learn...

5-8 MIN

eslint scope

ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. ECMAScript is a scripting-language specification standardized by Ecma International. eslint-scope is the ECMAScript scope analyzer used in ESLint. In this interactive tutorial, you will learn how a developer's bad security habits can have drastic consequences. Play and Learn...

5-8 MIN

Available in Full Version only

Vert.X XXE

Vert.x-Web is a toolkit for writing sophisticated modern web applications and HTTP microservices. In this interactive tutorial, we will demonstrate a recent XXE vulnerability found in Vert.x-Web. Play and Learn...

5-8 MIN

Available in Full Version only

Flask Panel XSS

Flask-Admin is an extension of the Python Flask framework. It lets users add admin interfaces to Flask applications. In this interactive tutorial, we will demonstrate a recent XSS vulnerability found in Flask-Admin. Play and Learn...

5-8 MIN

Available in Full Version only

Mozilla-Bleach Mutation Cross-Site Scripting (mXSS)

Mozilla-Bleach is an HTML sanitizing library. After sanitization, the HTML is processed by the browser. If the HTML is malformed, the browser mutates it, and after that mutation there is no sanitizer left to make sure the resulting HTML does not invoke scripts. In this interactive tutorial, you will learn how a sanitizer, which is supposed to be a protection against XSS, might expose the application to mutation XSS.

5-8 MIN

Available in Full Version only

Cryptiles

Cryptiles is an npm package of crypto helper methods. In April 2019, this package was deprecated as a result of a security defect and a new package called @hapi/cryptiles was published; nevertheless, users kept downloading the deprecated version. In this interactive tutorial, you will learn about vulnerabilities that have been found in Cryptiles and what the consequences of using a deprecated version are. Play and Learn...

5-8 MIN

Available in Full Version only

Pippo Deserialization

Pippo is an open-source (Apache license) micro web framework in Java, with minimal dependencies and a quick learning curve. It is popular among developers due to its ease of use. In this interactive tutorial, you will learn about a deserialization vulnerability that has been found recently in the Pippo framework. Play and Learn...

5-8 MIN
