Assign the right security training to your teams

Our library of 650+ exercises covers the most popular programming languages and security topics, through both guided tutorials and more difficult challenges. We make it easy for you to find the most relevant training modules for your developers’ needs, to assign them, and to track progress. Discover our extensive content below!


Languages

Learn more about our language-specific secure coding training modules,
designed for various skill levels:

Teams and roles

You can utilize Avatao in several areas, across different teams,
and provide training for multiple job roles in your organization:

Web development

Frontend developer
Backend developer
Fullstack developer

Security

AppSec engineer
Security Engineer

Testing and QA

QA engineer
Web app pentester

DevOps & Cloud

DevOps engineer

Mobile

Android developer

Embedded

Embedded systems developer

Desktop

Desktop software developer

Gaming & Video

Video game developer
Graphics developer

Systems programming

Systems engineer

Security topics


OWASP Top 10 2017
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring


Compliance
  • PCI-DSS
  • ISO 27001
  • SOC2


Security tools

There are a number of crucial security tools cybersecurity professionals cannot live without. We have exercises about several security tools like John the Ripper, which is a vital tool for identifying passwords and testing their strength; the famous penetration testing tool called SQLMap, which automates the process of detecting and exploiting SQL injection flaws and taking over database servers; and so on. We also have tutorials about tools such as Capstone and Kaitai Struct.

Authorization

Authorization is the process of specifying access rights to resources, by which access can be granted or denied. As it is one of the most important security-related parts of an application’s business logic, we pay special attention to this topic!

Insecure Direct Object Reference (IDOR)

What is an IDOR vulnerability? Check out our realistic attack scenarios and learn how to fix Insecure Direct Object Reference!

Logging

Logging is an important part of supporting and keeping track of the whole lifecycle of an application from creation to debugging. Without proper logging and monitoring, it’s nearly impossible to detect attackers in the system.
We emphasize the importance of proper logging by demonstrating several attack vectors (for example log forging, log injection, etc.).


OWASP Top 10 2021 (proposal)
  • Injection
  • Broken Authentication
  • Cross-Site Scripting (XSS)
  • Sensitive Data Exposure
  • Insecure Deserialization
  • Broken Access Control
  • Insufficient Logging & Monitoring
  • Server-Side Request Forgery (SSRF)
  • Using Components with Known Vulnerabilities
  • Security Misconfiguration


DevSecOps

It’s no secret IT security should play an integrated role in every stage of the development lifecycle. Every organization using a DevOps framework should acquire the DevSecOps mindset and use DevSecOps tools to ensure that security is built into applications rather than being bolted on haphazardly afterwards.
We have basic and security-related tutorials about Git, Vault, Terraform, AWS, and many more challenges to make your applications more secure.

Cryptography

Cryptographic systems in computer security can provide one or more of the following four services: authentication, non-repudiation, confidentiality, and integrity.
Users can dive deep into several topics of cryptography, such as secure password hashing, hybrid encryption, the MAC-and-ENC protocol, and many more.

Smart Contract Security

Learn about the most common vulnerability types in Ethereum smart contracts from Re-Entrancy to Timestamp Dependence.

Cross-Site Request Forgery (CSRF)

CSRF is one of the oldest web security issues, and even though our applications are increasingly protected against it at the framework and even browser level, it’s still a relevant issue!

CSP

When the server sends Content-Security-Policy (CSP) headers, the browser is aware of and capable of protecting the user from dynamic calls that would load content into the page currently being visited. By adding this layer of security we can detect and mitigate certain types of attacks like XSS and other data injection attacks.
We teach the importance and proper use of CSP on our platform.

 


Web Security

Web security is one of the most important aspects of IT security nowadays, which is why we have extensive content for backend, frontend, and even browser related exercises. We’re tackling CORS, security headers, XSS, and have some great tutorials about web cache poisoning and web cache deception as well!


Security Breaches & Bug Bounties

We have several challenges and tutorials based on security breaches and bug bounty reports from the real world. Check out these exercises to see what kind of security bugs Google, PayPal, Yahoo!, GitHub, Tinder, and other large companies are fighting nowadays!


Authentication

Learn the basics of SAML Security, broken authentication, find out what could go wrong with the user session after they log in, and master user authentication practices and procedures.

Access Control

Our objective is to guide the developers and architects on how to design, create and maintain access control in different languages and frameworks in web applications. We address the main categories of access control methods by demonstrating the possible vulnerabilities, attack vectors, and fixes.

Denial of Service (DoS)

With a DoS attack, a server or application can be made unavailable to its intended users by temporarily disrupting the services of a host connected to the Internet. This common attack vector can lead to huge resource consumption in either memory or CPU time. We demonstrate how it is performed, and also how to protect against it. We have exercises about different types of DoS (e.g. application-level DoS, ReDoS, etc.).


Build your own content

We allow companies to bring their own ideas, and add new exercises to their private space on our platform. This flexibility enables our clients to solve problems custom tailored to their needs. For technical details of the process click here, or feel free to contact us directly.


See Avatao in action!

Reach out to us to find out how your company can utilize our training to boost developers’ secure coding skills!