Real vulnerabilities

We have been collecting bugs for years and selecting them for their pedagogical properties.

When we think a bug qualifies for our platform, we create a challenge for it. That's why we cover many CVEs like Shellshock as well as recent Rails vulnerabilities. We make sure that you learn important concepts, not just another bug.

For example, we have a dozen challenges on JSON Web Tokens (JWT), as JWTs introduce really interesting vulnerabilities in their design, implementation, and usage. They also teach how to find vulnerabilities in cryptographic usage without being a mathematics wizard.

We also cover things that are essential when doing any work in infosec: basic Unix knowledge, common protocols, intercepting TLS...