AI Security
Learn about AI security vulnerabilities including prompt injection, jailbreaking, and data poisoning. Understand how to secure LLM-powered applications.
For vibe coders who want to ship secure code
Learn to identify and prevent security vulnerabilities. Each guide explains how attacks work and how to protect your applications.
Learn how broken authentication vulnerabilities allow attackers to bypass login systems, hijack sessions, and impersonate users. Covers weak passwords, session flaws, and credential stuffing.
Learn about container escape vulnerabilities, Docker and Kubernetes security risks, and how to protect containerized applications from breakout attacks.
Learn how cryptographic failures expose sensitive data through weak encryption, poor hashing, hardcoded keys, and missing TLS. Covers password storage, key management, and modern crypto standards.
Learn how insecure deserialization vulnerabilities enable remote code execution, privilege escalation, and denial of service attacks.
Learn how file upload vulnerabilities allow attackers to upload malicious files, achieve remote code execution, and compromise servers. Covers bypass techniques and secure upload handling.
Learn about OAuth 2.0 and SAML authentication vulnerabilities including token attacks, XML signature bypass, SSO exploitation, and secure implementation patterns.
Learn about SQL injection attacks, from basic UNION-based attacks to blind SQL injection. Master prevention with parameterized queries.
Learn how API keys, passwords, and credentials get leaked in source code, git history, and client-side bundles. Master secrets management.
Learn how SSRF vulnerabilities allow attackers to make requests from your server to internal systems, cloud metadata, and protected resources. Covers cloud attacks, prevention, and real-world breaches.
Learn how SSTI vulnerabilities allow attackers to inject malicious code into template engines like Jinja2, Twig, and Freemarker. Covers detection, exploitation, and prevention techniques.
Learn how supply chain attacks compromise dependencies and package registries to inject malicious code into applications through trusted packages.