Enterprises
Individuals
Enterprises
Individuals
Sign in
Menu
Menu
Training for
Library
Platform
Pricing
Resources
Developer
Learn to code securely in 7+ popular languages
Pentester
Master offensive security while learning defensive techniques
Cloud Engineer
Train for the most sought-after security skills in tech
DevOps
Speed up security processes, achieve faster releases
Security Architect
Design software to be secure from the ground up
Security Engineer
Learn to secure any tech stack with purple team security
Security Champion
Bring game-changing security initiatives to your team
Browse all courses
Course Collection
DevSecOps Collection
AWS Security Collection
Kubernetes & Containers Security Collection
Secure Coding Collection
Azure Security Collection
AI & LLM Security Learning Path and Collection
Threat Modeling Collection
GCP Security Collection
Browse all learning paths
Overview
Get a bird's eye of our platform and take your InfoSec training to the next level
Learning Paths
Specialize in any of the 10 domains of security that best suits your needs
DevSecOps Certification
Become a highly sought-after DevSecOps pro
Cloud Sandboxes
Try out all those new skills in a risk-free environment, all on your browser
Hands-on Labs
Learn by doing, with over 800 Hands-on labs
Challenges
Put all those awesome new skills to the test with challenges in Kubernetes, AWS & AppSec
Playgrounds
Spin up secure playgrounds in just a few clicks and work in real world security scenarios
View Individuals Plans
E-books
View all
The Zero Trust Security Handbook
Building Security Champions
What’s New
View all
The Absolute Need for AppSec Training
5 Critical MCP Vulnerabilities Every Security Team Should Know
Events
View all
AI Agent Security: The Good, the bad and the ugly
Workshop: System and Agile Threat Modeling
Knowledge Base
Learning Roadmap for the

Security Engineer

Attacking and Defending SQL Injection with Java Spring Boot
Attacking and Defending Persistent XSS with Java EE
Attacking and Defending Session Fixation with Java EE
Attacking and Defending XXE with Java EE
Implementing CSRF (Cross-Site Request Forgery) with Java EE
Attacking and Defending Insecure Deserialisation with Java EE
Attacking and Defending Insecure Deserialisation with Java EE
Attacking and Defending SSRF with Java EE
Attack and Defense SSRF With Django
Attacking and Defending SQL Injection with Java EE
VueJS: Content Security Policy Playground
ReactJS - Cross Site Scripting Playground
ReactJS - CSP Attack and Defense Playground
TLS and Encrypting Data in Transit
GRAPHQL Attack Vectors
Cross Origin Resource Sharing Playground
SAML Attack and Defense
Kotlin Security Playground
Swift Security Playground
Server-Side Request Forgery: Attack & Defense
Introduction to Web App Cryptography
Injections, XXE, and Insecure Deserialization
Cross-Site-Scripting Attack and Defense
Attacking and Defending Authentication & Access Control
Attacking and Defending SSRF with Scala
Attacking and Defending SQL Injection with Scala
Attacking and Defending Reflected XSS with Scala
Attacking and Defending Path Traversal with Scala
Secure and Insecure Logging with Scala
Attacking and Defending Broken Object Level Authorization with Scala
Attacking and Defending Command Injection with Scala
Ruby on Rails Security Playground
Web Application Firewall Essentials - with ModSecurity
Angular Security Playground
Secrets Management with Hashicorp Vault
OAuth and OIDC Essentials
JWT Jiu-Jitsu
API Security: Attack and Defense

Challenges: 

Needy Lizard
Funny Cobra
Flat Lightning
Urban Baron
Prowling Wings
Dark Jumper
Pesky Beehive
Jumbo Rogue
Loyal Ghost
Formal Wasp
Earnest Hammer
Dessert Lizard
Bad Beehive
Tense Grandma
Goofy Gopher
Gigantic Gopher
Geriatric Gopher
Winter Fly
Dizzy Fox
Fastpass
JamesMoriarty
Xavier
Savannah
SQLStarwars
Cadmen
Charlotte
AWS Ambition System
The Last Request
Python Newsreader
Java Mad Hammer
Java Gifted Fiddler
Java Evil Duster
Java Mute Salesman
Extra Elastic Search
The Cuban Connection
Golang Gritty Gopher
Golang Gorgeous Gopher
Golang Gelatinous Gopher
Golang Gluttonous Gopher
Golang Garrulous Gopher
Do You No De Way
Parse Me That Node
Node're-Dame De
Node Trickster
Node Sessassin
Java Dazzling Wrangler
Java Common Behemoth
Python Mild Packer
Python Gleaming Diamond
Python Toxic Passenger
Amazon Detective: Advanced Security Investigation and Analysis
AWS IAM Access Analyzer
Amazon SQS Security
AWS S3 Security Measures
Terraform 101
Essential AWS API Gateway Security
Advanced AWS VPC Playground
AWS Lambda Vulnerability Assessment Playground
AWS Security Hub Essentials
Auditing AWS Environments
Secrets in AWS
Introduction to AWS S3
Introduction to AWS IAM

Challenges: 

AWS Twinkle Eclipse
AWS Sour Giant
AWS Lost Ribbon
AWS Lazy Sandstorm
AWS Iron Prince
AWS Fatal Tsunami
AWS Double Wings
AWS Dangerous Queen
AWS Cruel Bird
AWS Blue Sunburn
AWS Cheap Tower
AWS Classic Watchman
AWS Lean Flamingo
AWS Chief Prince
AWS Preying Volcano
AWS Impure Knight
AWS Miracle Master
AWS Lame Rogue
AWS Thirsty Sun
AWS Late Alpha
AWS Canine Prince
AWS Angry Eclipse
AWS Alien Doctor
AWS Arctic Cobra
AWS Sweet Aurora
AWS Orange Tower
AWS Hallow Witch
AWS Corrupt Guardian
AWS Empty Lyric
AWS Common Rainbow
AWS Busy Darling
AWS Empty Lightfoot
AWS Bad Sherpa
AWS Agile Trader
AWS Poor Bee
AWS Amazing Darling
AWS Flawless Tuner
AWS Urban Patriot
AWS Corrupt Packer
AWS Death Hammer
AWS Grave Rogue
AWS Dead Robin
AWS Loyal Wolf
AWS Bleak Digger
AWS Distant Surgeon
AWS Old Clown
AWS Crisp Widow
AWS Steel Lizard
AWS Impure Trader
AWS Firm Templer
AWS Digital Carpenter
AWS Crystal Lotus
AWS Lame Lightning
AWS Bruised Prince
AWS Enraged Sunburn
AWS Virtue
AWS Vertex
AWS Rush Hour
AWS Deluge
AWS Enigma box
AWS Hindsight
AWS Colossus
AWS Autonomous Life
Famous Tower
Infamous Author
Grizzled Bat
Silver Lyric
Flawless Bear
Enchanted Guardian
Jealous Nurse
Nervous Darling
Alert Passenger
Defiant Trader
Breaking and Defending Azure Storage
Azure Sentinel: A Comprehensive Guide to Cloud-Native SIEM
Azure functions Security
Practical Azure Key Vault
Securing Network Access to Azure Virtual Machines
Introduction to Azure IAM
Introduction to Azure
Git 101
Jenkins Integration
DevSecOps with Gaia
Jenkins Security Best Practices
OSV Scanner Security Playground
Nuclei Automation for DevSecOps
DevSecOps with Gitlab CI
DAST with Jenkins
Static Analysis and Code Review for DevSecOps
Source Composition Analysis for DevSecOps
SCA with Jenkins
SAST with Jenkins
Github Actions for DevSecOps
DAST Automation with OWASP ZAP
API Attack Surface: Service Account & Token Exploitation
Advanced ArgoCD Security and Access Management
Mastering ArgoCD: Kubernetes Deployment Fundamentals
Introduction to Istio
Attacking Kubernetes Clusters Playground
Kubernetes Policy Management with Kyverno
Kubernetes Network Security and Service-Mesh Essentials
Kubernetes Authentication and Authorization
Kubernetes Admission Control
Kubernetes 101

Challenges: 

Kubernetes Dark Tinkerbell
Kuberentes Alpine Cookie
Kubernetes Arid Hawk
Kubernetes Warm Falcon
Kube Anonom
Antique Bagpipe
Confused Enigma
Miracle Crown
Tense Gambit
Wavy Patriot
Crazy Trader
Polar Lotus
Blissful Sherpa
Infinite Ribbon
Urban Halo
Dual Hunter
Container Security 101
Essentials of Container Monitoring
Container Supply Chain Security Essentials
Attacking and Securing Container Registry
Attacking and Defending Containers
Threat Modeling with Microsoft Threat Modeling Tool
Threat Modelling Essentials
Agile Threat Modelling

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
About Us
Privacy Policy


United States11166 Fairfax Boulevard, 500, Fairfax, VA 22030

APAC
68 Circular Road, #02-01, 049422, Singapore


For Support write to help@appsecengineer.com

FOLLOW APPSECENGINEER
SOC2 Type2 Compliant
4.3
Copyright AppSecEngineer © 2025