This repository contains resources provided by the Duo Security Application Security team.
Find out more about Duo Security's efforts to democratize security for all in this blog post: https://duo.com/blog/improving-application-security-education-through-community.
In this directory you'll find PDF and PowerPoint versions of two internal presentations developed and presented by our Application Security team:
- Introduction to Application Security
- Advanced Application Security
Each of these presentations includes content covering a wide range of application security topics, common vulnerabilities, and remediation recommendations.
As a part of this public release of our content, we've also included the code and content for our custom Hunter2 labs. Hunter2 is a platform specifically designed to help users gain application security knowledge through hands-on labs, identifying issues and fixing vulnerabilities.
Current labs cover:
- HTTP Header Injection
- JSON Injection
- Flaws in JWTs
- Mass Assignment
- Type juggling issues (Power of None)
- Replay Attacks
Each lesson directory contains a content/ subdirectory containing Markdown files for the lesson content and a code/ directory containing the related vulnerable application.
These lessons have been made available on the Hunter2 platform as part of a collaboration between the Hunter2 service and Duo Security. More information about it can be found on the Hunter2 site: https://hunter2.com/community