Duo Security - Application Security Education

This repository contains resources provided by the Duo Security Application security team.

Find out more about Duo Security's efforts to democratize security for all in this blog post: https://duo.com/blog/improving-application-security-education-through-community.

Training Decks

In this directory you'll find PDF and PowerPoint versions of two internal presentations developed and presented by our Application Security team:

• Introduction to Application Security
• Advanced Application Security

Each of these presentations include content covering a wide range of application security topics, common vulnerabilities and remediation recommendations.

Hunter2 Labs

As a part of this public release of our content, we've also included the code and content for our custom Hunter2 labs. Hunter2 is a platform specifically designed to help users gain application security knowledge through hands-on labs, identifying issues and fixing vulnerabilities.

Current labs cover:

• HTTP Header Injection
• JSON Injection
• Flaws in JWTs
• Mass Assignment
• Type juggling issues (Power of None)
• Replay Attacks

Each lesson directory contains a content/ subdirectory containing Markdown files for the lesson content and a code/ directory containing the related vulnerable application.

These lessons have been made available on the Hunter2 platform a part of a collaboration between the Hunter2 service and Duo Security. More information about it can be found on the Hunter2 site: https://hunter2.com/community