Training updates
The updates on this page apply to Veracode Security Labs and Veracode eLearning. Updates that apply to specific Veracode regions show a region icon.
Security Labs is only available in the Commercial region. 
eLearning is available in all Veracode regions.
May 1, 2024
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Forging User Requests (Python, Flask)
April 29, 2024
eLearning course updates
The following 32 courses now have updated cover pages and optional closed captions:
- Secure Coding Foundations (7 courses)
- AppSec Tutorials (11 courses)
- General Security (9 courses)
- Mobile Security (4 courses)
- OWASP Top Ten (2021) (1 course)
April 3, 2024
New Security Labs lessons
OWASP API Security Top 10 labs
- OWASP API 6: Bad Design Compromises Security (JavaScript)
- OWASP API 7: Jot Down this Key (JavaScript)
- OWASP API 7: Secret Admin (JavaScript)
- OWASP API 7: eXternal Entity Injection (JavaScript)
- OWASP API 7: XML is Always a Challenge (JavaScript)
- OWASP API 8: Own the Database (JavaScript)
- OWASP API 8: Parameterize All the Things (JavaScript)
- OWASP API 8: Bobby Tables (JavaScript)
- OWASP API 9: Unprotected Deployments (JavaScript)
- OWASP API 10: The Importance of Logging and Monitoring (JavaScript)
- OWASP API 10: Logging in the API Infrastructure (JavaScript)
March 6, 2024
New Security Labs lessons
OWASP API Security Top 10 labs
- OWASP API 1: One ID to Access All Objects (JavaScript)
- OWASP API 1: Stronger IDs (JavaScript)
- OWASP API 2: Really, Really Bad Passwords (JavaScript)
- OWASP API 2: Terrible Password (JavaScript)
- OWASP API 3: Bugs in Debug (JavaScript)
- OWASP API 3: Revealing Schemas (JavaScript)
- OWASP API 4: Slow Down (JavaScript)
- OWASP API 4: Brute Force (JavaScript)
- OWASP API 4: Denial of Service (JavaScript)
- OWASP API 5: Neglected Endpoints (JavaScript)
February 7, 2024
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Forging User Requests (.NET)
OWASP API Security Top 10 labs
- OWASP API 10: The Importance of Logging and Monitoring (Java)
- OWASP API 10: Logging in the API Infrastructure (Java)
January 16, 2024
New Security Labs lesson
OWASP API Security Top 10 labs
- OWASP API 9: Unprotected Deployments (Java)
December 6, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Redirect Rodeo (.NET, JavaScript)
- OWASP 8: Prototype Protection Agency (JavaScript)
OWASP API Security Top 10 labs
- OWASP API 8: Own the Database (Java)
- OWASP API 8: Parameterize All the Things (Java)
- OWASP API 8: Bobby Tables (Java)
November 1, 2023
New Security Labs lessons
OWASP API Security Top 10 labs
- API 7: Jot Down This Key (Java)
- API 7: Secret Admin (Java)
- API 7: eXternal Entity (Java)
- API 7: XML is Always a Challenge (Java)
May 3, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New OWASP 10: Get There From Here (Python, Go)
April 5, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New OWASP 10: Get There From Here (.NET, Flask)
OWASP API Security Top 10 labs
- API 5: Neglected Endpoints (Java)
- API 6: Bad Design Compromises Security (Java)
- API 6: Bad Design Compromises Security (.NET) (revamped!)
March 1, 2023
New Security Labs lessons
Getting Started Labs
New Getting Started - Lesson Zero (Flask, Go, Python)
OWASP Top 10 2021 labs
- OWASP 1: Broken Access Control - Secrets in the Log (Java)
- OWASP 4: Making Secure Decisions (Flask, Go, Python)
OWASP API Security Top 10 labs
- API 4: Slow Down (Java)
- API 4: Brute Force (Java)
- API 4: Denial of Service (Java)
February 1, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Broken Access Control - Loose Lips Sink Servers (Dotnet)
- Beyond OWASP Top 10: Other Web App Risks - Know Your Limits (Java)
OWASP API Security Top 10 labs
- API 3: Bugs in Debug (Java)
- API 3: Revealing Schemas (Java)
January 4, 2023
New Security Labs lessons
OWASP Top 10 2021 labs
New Beyond OWASP Top 10: Other Web App Risks - Do You Remember? (Dotnet)
OWASP API Security Top 10 labs
- API 2: Really, Really Bad Passwords (Java)
- API 2: Terrible Password (Java)
December 6, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 4: Insecure Design - Insecure Decisions (Dotnet, Java)
- OWASP 4: Making Secure Decisions (Java)
OWASP API Security Top 10 labs
- API 1: One ID to Access All Objects (Java)
- API 1: Stronger IDs (Java)
Getting Started Labs
New Getting Started - Lesson Zero (Java, Node)
November 1, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 1: Broken Access Control - Loose Lips Sink Servers (Node)
- OWASP 4: Insecure Design - Valid Deficit (Dotnet)
OWASP API Security Top 10 labs
New API 4: Lack of Resources & Rate Limiting - Denial of Service
October 4, 2022
New Security Labs lessons
OWASP Top 10 2021 labs
- OWASP 4: Insecure Design - Valid Deficit (Node)
- OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Dotnet, Java)
September 26, 2022
Topic Progress Bar Now Focused on Required Labs
In Security Labs, the progress bar for a topic now shows the completion status for required labs only. If all required labs in a topic are complete, the progress bar shows 100% completion, even when there are incomplete optional labs.
September 6, 2022
One New Security Labs Lesson
OWASP Top 10 2021 labs
New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Node)
August 24, 2022
New Click-Through Tour
- After an administrator assigns a user the Manager role, they are given a one-time option to take a tour about the actions managers can do in Security Labs.
- You can also read new documentation on manager permissions.
August 3, 2022
Three New API Security Labs Lessons
OWASP API Security Top 10 labs
- New API 9 Improper Assets Management - Unprotected deployments (.NET)
- New API 10 Insufficient Logging & Monitoring - The Importance of Logging and Monitoring (.NET)
- New API 10 Insufficient Logging & Monitoring - Logging in the API Infrastructure (.NET)
July 6, 2022
Seven New API Security Labs Lessons and One Updated OWASP Course
OWASP API Security Top 10 labs
- New API 7 Security Misconfiguration - Jot down this key (.NET)
- New API 7 Security Misconfiguration - Secret Admins (.NET)
- New API 7 Security Misconfiguration - eXternal Entity (injection) (.NET)
- New API 7 Security Misconfiguration - XML is always a Challenge (.NET)
- New API 8 Injection - Own the database (.NET)
- New API 8 Injection - Parameterize all the things (.NET)
- New API 8 Injection - Bobby Tables (.NET)
OWASP Top 10:2021:10 Server-Side Request Forgery
New Get There From Here (Node)
June 30, 2022
Updated One eLearning Learner Level Course and Added Two New AppSec Tutorials
- Updated the OWASP 2017 course to OWASP 2021 on Learner Level 1
- Added two new AppSec Tutorials on Learner Level 2
June 1, 2022
The Security Training Team Released Two New API Security Courses and Updated Eight OWASP Courses
OWASP API Security Top 10 labs
- API5:2019 Neglected endpoints (.NET)
- API6:2019 Bad Design Compromises Security (.NET)
OWASP Top 10 2021 labs
See the Course Catalog for more details.
- A01:2021 Broken Access Control
- A02:2021 Cryptographic Failures
- A03:2021 Injection
- A05:2021 Security Misconfiguration
- A06:2021 Vulnerable and Outdated Components
- A07:2021 Identification and Authentication Failures
- A08:2021 Software and Data Integrity Failures
- A09:2021 Security Logging and Monitoring Failures
May 19, 2022
The Security Training Team Released Three New eLearning Courses and Updated One Course
- Updated A04: eLearning Secure Architecture and Design
- OWASP Top 10 2021
- A10: Server-Side Request Forgery AppSec Tutorial
- A08: Software and Data Integrity Failures AppSec Tutorial
May 4, 2022
The Security Training Team Released Seven Labs
OWASP API Security Top 10 Labs:
- API3:2019 Excessive Data Exposure - Bugs in Debug (.NET)
- API3:2019 Excessive Data Exposure - Revealing Schemas (.NET)
- API4:2019 Lack of Resources and Rate Limiting - Slow Down (.NET)
- API4:2019 Lack of Resources and Rate Limiting - Brute Force (.NET)
OWASP Top 10 2021 Labs:
- A04:2021 Insecure Design - Making Secure Decisions (.NET)
- A08:2021 Software and Data Integrity Failures - Sleeping With the Enemy (.NET, Node)
- A10:2021 Server-Side Request Forgery - Get There From Here (Java)
April 6, 2022
Two New Labs
- OWASP API #1 - Broken Object Level Authorization
- OWASP API #2 - Broken User Authentication