Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2023-3219X
This challenge covers the review of a CVE in a Golang project and its patch
|
-- |  |
89 | PRO |
|
|
CVE-2024-433XX
This challenge covers the review of a CVE in a Python codebase and its patch
|
< 1 Hr. | |
157 | PRO |
|
|
CVE-2025-3X5X
This challenge covers the review of a CVE in a Golang project
|
< 1 Hr. | |
75 | PRO |
|
|
CVE-2024-419XX
This challenge covers the review of a CVE in a Python codebase and its patch
|
< 1 Hr. | |
204 | PRO |
|
|
Golang Code Review #10
This challenge covers the review of a simple snippet of code written in Go.
|
< 1 Hr. | |
119 | PRO |
|
|
Golang Code Review #08
This challenge covers the review of a snippet of code written in Golang and has been created to help improve your security code review skills.
|
< 1 Hr. | |
117 | PRO |
|
|
Golang Code Review #06
This challenge covers the review of a vulnerable snippet of Golang and has been created to help improve your security code review skills.
|
< 1 Hr. | |
122 | PRO |
|
SAML: CVE-2025-25291
This exercise covers the exploitation of CVE-2025-25291 (impacting ruby-saml)
|
2-4 Hr. | |
17 | PRO |
|
|
SAML: CVE-2025-29775 Signed Metadata
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto) without XMLResponse
|
2-4 Hr. | |
13 | PRO |
|
|
CVE-2024-6X3X
This challenge covers the review of a CVE (original vulnerable code and diff) of a real go codebase
|
< 1 Hr. | |
88 | PRO |
|
|
CVE-2025-XX95X
This challenge is part of our go code review challenges designed to teach you security code review by reviewing patches
|
< 1 Hr. | |
98 | PRO |
|
|
CVE-2019-X03X
This challenge covers the review of a CVE in a golang codebase and its patch
|
< 1 Hr. | |
92 | PRO |
|
|
CVE-2019-379X
This challenge is part of our golang code review challenges designed to teach you security code review by reviewing patches
|
< 1 Hr. | |
141 | PRO |
|
|
SAML: CVE-2025-29775
This exercise covers the exploitation of CVE-2025-29775 (impacting xml-crypto)
|
1-2 Hr. | |
20 | PRO |
|
|
CVE-2022-37X1
This challenge covers the review of a CVE in a go codebase and its patch
|
< 1 Hr. | |
108 | PRO |
|
UUIDv1 IDOR | 1-2 Hr. |  |
219 | PRO |
|
|
CVE-2023-XX463
This challenge covers the review of a CVE in a Go codebase and its patch
|
-- | |
107 | PRO |
|
|
Golang Code Review #04
This challenge covers the review of a snippet of code written in Golang.
|
-- | |
145 | PRO |
|
API Mass-Assignment 03 | < 1 Hr. | |
424 | PRO |
|
|
API Mass-Assignment 02 | < 1 Hr. | |
457 | PRO |
|
|
API Mass-Assignment 01 | < 1 Hr. | |
484 | PRO |
|
|
Mongo IDOR IV | 2-4 Hr. | |
137 | PRO |
|
|
Mongo IDOR III | < 1 Hr. | |
239 | PRO |
|
|
CVE-2024-X5X87
This challenge covers the review of a CVE in a go codebase and its patch
|
-- | |
108 | PRO |
|
|
API JWT REVOCATION
JWT
This exercise covers how to bypass a weak JWT Revocation Mechanism.
|
< 1 Hr. |  |
467 | PRO |
|
|
CVE-2022-XX975
This challenge covers the review of a CVE in a Go codebase and its patch
|
< 1 Hr. | |
113 | PRO |
|
|
Puzzle 06
Leverage a weak implementation of lowercase to access arbitrary files
|
< 1 Hr. | |
26 | PRO |
|
|
Puzzle 07
Leverage a weak implementation of lowercase to access arbitrary files
|
1-2 Hr. | |
24 | PRO |
|
|
API 18
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
550 | PRO |
|
|
API 19
This exercise covers how to exploit an authorization issue in an API.
|
< 1 Hr. | |
537 | PRO |
Showing 91–120 of 734 exercises
Free Labs of the Month
