Assign the right security training to your teams

Our library of 650+ exercises covers the most popular programming languages and security topics, using both guided tutorials and more difficult challenges. We make it easy for you to find the most relevant training modules for your developers’ needs, assign them, and track progress. Discover our extensive content below!


Languages

Learn more about our language-specific secure coding training modules,
designed for various skill levels:

Teams and roles

You can utilize Avatao in several areas across different teams
and provide training for multiple job roles in your organization:

Web development

Frontend developer
Backend developer
Fullstack developer

Security

AppSec engineer
Security Engineer

Testing and QA

QA engineer
Web app pentester

DevOps & Cloud

DevOps engineer

Mobile

Android developer

Embedded

Embedded systems developer

Desktop

Desktop software developer

Gaming & Video

Video game developer
Graphics developer

Systems programming

Systems engineer

Security topics


OWASP Top 10 2017
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring


Compliance
  • PCI-DSS
  • ISO 27001
  • SOC2


Security tools

There are a number of crucial security tools cybersecurity professionals cannot live without. We have exercises about several security tools: John the Ripper, a vital tool for identifying passwords and testing their strength; SQLMap, the famous penetration testing tool which automates the process of detecting and exploiting SQL injection flaws and the taking over of database servers; and many more. We also have tutorials about tools such as Capstone and Kaitai Struct.

Authorization

Authorization is the process of specifying access rights to resources and deciding whether access is granted or denied. As one of the most important security-related aspects of an application’s business logic, we pay particular attention to this topic!

Insecure Direct Object Reference (IDOR)

What is an IDOR vulnerability? Check out our realistic attack scenarios and learn how to fix Insecure Direct Object Reference!

Logging

Logging is an important part of supporting and keeping track of the lifecycle of an application, from creation to debugging. Without proper logging and monitoring, it’s nearly impossible to detect attackers in the system. We emphasize the importance of proper logging by demonstrating several attack vectors (for example, log forging and log injection).


OWASP Top 10 2021 (proposal)
  • Injection
  • Broken Authentication
  • Cross-Site Scripting (XSS)
  • Sensitive Data Exposure
  • Insecure Deserialization
  • Broken Access Control
  • Insufficient Logging & Monitoring
  • Server-Side Request Forgery (SSRF)
  • Using Components with Known Vulnerabilities
  • Security Misconfiguration


DevSecOps

It’s no secret that IT security should play an integral role in every stage of the development lifecycle. Every organization using a DevOps framework should acquire the DevSecOps mindset and use DevSecOps tools to ensure that security is built into applications, and not just haphazardly bolted on afterwards. We have tutorials about Git, Vault, Terraform, AWS, and many more challenges to make your applications more secure.

Cryptography

Cryptographic systems in computer security can provide one or more of the following four services: authentication, non-repudiation, confidentiality, or integrity. Users can deep-dive into several cryptography topics such as secure password hashing, hybrid encryption, MAC-and-ENC protocol, and many more.

Smart Contract Security

Learn about the most common vulnerability types in Ethereum smart contracts, from Re-Entrancy to Timestamp Dependence.

Cross-Site Request Forgery (CSRF)

CSRF is one of the oldest web security issues, and even if our applications are getting protected against it on a framework – and even browser – level, it remains a relevant issue!

CSP

When the server sends Content-Security-Policy (CSP) headers, the browser is aware of the policy and can protect the user from dynamic calls that load content into the page currently being visited. This added layer of security helps detect and mitigate certain types of attacks, such as XSS and other data injections.
We teach the importance and proper use of CSP on our platform.

 


Web Security

Web security is one of the most important aspects of IT security nowadays, which is why we have extensive content for backend, frontend, and even browser-related exercises. We’re tackling CORS, security headers, XSS, and have some great tutorials about web cache poisoning and web cache deception as well!


Security Breaches & Bug Bounties

We have several challenges and tutorials based on real-world security breaches and bug bounty reports. Check out these exercises to see what kind of security bugs Google, PayPal, Yahoo!, GitHub, Tinder, and other large companies are fighting nowadays!


Authentication

Learn the basics of SAML Security and broken authentication, find out what could go wrong with the user session after they log in, and master user authentication practices and procedures.

Access Control

Our objective is to guide the developers and architects on how to design, create, and maintain access control in different languages and frameworks in web applications. We address the main categories of access control methods by demonstrating the possible vulnerabilities, attack vectors, and fixes.

Denial of Service (DoS)

With a DoS attack, a server or application can be made unavailable to its intended users by temporarily disrupting the services of a host connected to the Internet. This common attack vector can lead to huge resource consumption in either memory or CPU time. We demonstrate how it is performed and how to protect against it. We have exercises about different types of DoS (e.g., application-level DoS, ReDoS, etc.).


Build your own content

We allow companies to bring their own ideas, and add new exercises to their private space on our platform. This flexibility enables our clients to solve problems that are tailored to their needs. For technical details of the process click here, or feel free to contact us directly.


See Avatao in action!

Contact us to find out how your company can utilize our training to boost developers’ secure coding skills!