For vibe coders who want to ship secure code

Security Learning Center

Learn to identify and prevent security vulnerabilities. Each guide explains how attacks work and how to protect your applications.

AI Security (critical)

Learn about AI security vulnerabilities including prompt injection, jailbreaking, and data poisoning. Understand how to secure LLM-powered applications.

Broken Authentication (critical)

Learn how broken authentication vulnerabilities allow attackers to bypass login systems, hijack sessions, and impersonate users. Covers weak passwords, session flaws, and credential stuffing.

Cryptographic Failures (critical)

Learn how cryptographic failures expose sensitive data through weak encryption, poor hashing, hardcoded keys, and missing TLS. Covers password storage, key management, and modern crypto standards.

Insecure Deserialization (critical)

Learn how insecure deserialization vulnerabilities enable remote code execution, privilege escalation, and denial of service attacks.

Malicious File Upload (critical)

Learn how file upload vulnerabilities allow attackers to upload malicious files, achieve remote code execution, and compromise servers. Covers bypass techniques and secure upload handling.

SQL Injection (critical)

Learn about SQL injection, from UNION-based attacks that read data directly in the response to blind injection that infers it one true/false answer at a time. Master prevention with parameterized queries.
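As an added illustration of what that guide covers (this example is not part of the original page or its guides): the same UNION-based and boolean-blind payloads run against a string-concatenated query and against a parameterized one. The in-memory SQLite database, the `users` table and its rows are constructed for the demo; the function names are this example's own.

```python
import sqlite3

# Constructed sample rows for this demo; not data from the original page.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com", "hash-of-alice-password"),
    (2, "bob", "bob@example.com", "hash-of-bob-password"),
]


def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, username TEXT, email TEXT, password_hash TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the caller's input is spliced into the SQL text,
    so quotes and keywords inside it are parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterized: the driver binds the value as data; it is never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# UNION-based payload: the first SELECT matches nothing, and the injected second
# SELECT appends every user's password hash to the result set. The trailing
# "-- " turns the original query's closing quote into a comment.
UNION_PAYLOAD = "x' UNION SELECT username, password_hash FROM users-- "


def blind_probe(lookup, conn, username, first_char):
    """Boolean-based blind probe: nothing sensitive is echoed, but whether a row
    comes back at all tells the attacker if password_hash starts with first_char."""
    payload = f"{username}' AND substr(password_hash, 1, 1) = '{first_char}'-- "
    return len(lookup(conn, payload)) > 0


def demo():
    """Run both payloads against both lookups and return what each one observed."""
    conn = make_db()
    return {
        "union_vulnerable": sorted(lookup_vulnerable(conn, UNION_PAYLOAD)),
        "union_safe": lookup_safe(conn, UNION_PAYLOAD),
        "blind_vulnerable_hit": blind_probe(lookup_vulnerable, conn, "alice", "h"),
        "blind_vulnerable_miss": blind_probe(lookup_vulnerable, conn, "alice", "z"),
        "blind_safe": blind_probe(lookup_safe, conn, "alice", "h"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Against the concatenated query the UNION payload returns every password hash and the blind probe answers yes/no about the first character of alice's hash; against the parameterized query both payloads are just an unusual username that matches no row.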

Secrets Exposure (critical)

Learn how API keys, passwords, and credentials get leaked in source code, git history, and client-side bundles. Master secrets management.

Server-Side Request Forgery (SSRF) (critical)

Learn how SSRF vulnerabilities allow attackers to make requests from your server to internal systems, cloud metadata, and protected resources. Covers cloud attacks, prevention, and real-world breaches.

Server-Side Template Injection (SSTI) (critical)

Learn how SSTI vulnerabilities allow attackers to inject template expressions that engines like Jinja2, Twig, and FreeMarker evaluate on the server. Covers detection, exploitation, and prevention techniques.

API Security (high)

Learn to identify and prevent API security vulnerabilities including broken authentication, object-level authorization flaws, and injection attacks.

Cross-Site Scripting (XSS) (high)

Learn about XSS attacks including reflected, stored, and DOM-based variants. Master prevention with output encoding and Content Security Policy.

Insecure Direct Object Reference (IDOR) (high)

Learn how IDOR vulnerabilities allow attackers to access other users' data by manipulating object references. Covers horizontal and vertical privilege escalation, detection, and access control implementation.

Race Conditions (high)

Learn how race conditions and TOCTOU vulnerabilities allow attackers to exploit the timing window between a security check and the action that relies on it.

Security Misconfiguration (high)

Learn how security misconfigurations expose applications through default credentials, debug endpoints, excessive permissions, and missing security headers. Covers hardening and prevention strategies.

Cross-Site Request Forgery (CSRF) (medium)

Learn how CSRF attacks trick authenticated users into performing unwanted actions. Covers CSRF tokens, SameSite cookies, double-submit patterns, and defense-in-depth strategies.
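As an added illustration of the defences that guide lists (this example is not part of the original page or its guides): a signed double-submit token bound to the session, the cookie attributes that make SameSite and the `__Host-` prefix do their work, and an Origin/Referer check as a second layer. The secret, the `__Host-csrf` cookie name, the allowed origin and the simulated `handle_transfer` handler are all assumptions of this demo. The token is HMAC-bound to the session rather than a bare random value because a plain double-submit cookie is defeated by an attacker who can plant a cookie for the site (for example from a compromised subdomain).

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed server secret for this demo; a real deployment loads it from config.
SERVER_SECRET = b"demo-server-secret-do-not-reuse"
# Assumed origin of the protected application.
ALLOWED_ORIGIN = "https://app.example.com"


def _mac(session_id: str, nonce: str) -> str:
    """HMAC over session id and nonce; only the server can produce it."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Signed double-submit token: random nonce plus a MAC binding it to the session.
    A token minted for one session is useless on another, and a cookie planted by
    an attacker cannot carry a valid MAC."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_cookie_header(token: str) -> str:
    """Set-Cookie line for the token. SameSite=Strict keeps the browser from sending
    it on cross-site requests at all; the __Host- prefix requires Secure, Path=/ and
    no Domain attribute, so a subdomain cannot overwrite it."""
    return f"Set-Cookie: __Host-csrf={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


def verify_csrf(session_id: str, cookie_token, form_token) -> bool:
    """Double-submit check: the form value must equal the cookie (a cross-site page
    cannot read the victim's cookie) AND the MAC must be valid for this session."""
    if not cookie_token or not form_token:
        return False
    if not hmac.compare_digest(cookie_token, form_token):
        return False
    nonce, sep, mac = form_token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def origin_allowed(headers: dict) -> bool:
    """Defence in depth: reject a state-changing request whose Origin (or Referer,
    when Origin is absent) is not our own site."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == ALLOWED_ORIGIN


def handle_transfer(session_id: str, headers: dict, cookies: dict, form: dict) -> str:
    """Simulated POST handler: returns 'ok' or the reason the request was rejected."""
    if not origin_allowed(headers):
        return "rejected: bad origin"
    if not verify_csrf(session_id, cookies.get("__Host-csrf"), form.get("csrf_token")):
        return "rejected: bad csrf token"
    return "ok"


if __name__ == "__main__":
    sid = "sess-alice"
    tok = issue_csrf_token(sid)
    print(csrf_cookie_header(tok))
    print(handle_transfer(sid, {"Origin": ALLOWED_ORIGIN}, {"__Host-csrf": tok},
                          {"csrf_token": tok, "amount": "10"}))
    print(handle_transfer(sid, {"Origin": "https://evil.example"}, {"__Host-csrf": tok},
                          {"csrf_token": "guess", "amount": "10"}))
```

The four rejection paths worth exercising are a cross-site Origin, a missing form token, a cookie and form value planted by the attacker that match each other but carry no valid MAC, and a genuine token minted for a different session.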