The bearer of this certificate earned 300 total points
by completing secure coding labs through Veracode Security Labs.
Labs are a form of secure code training that
involves hands-on-keyboard
exercises, where users demonstrate their abilities to exploit and patch
code using real applications.
Ramakanth Kanchi
9fae53caa0
03 Feb 2021
The following labs were completed toward certification:
| Lab Name | Topic Name | Language | Points |
|---|---|---|---|
| You've been framed | General Application Security: CWE-1021 Improper Restriction of Frames |  Rails | 10 |
| To Protect and to Serve Secure Cookies [DEPRECATED] | OWASP 2017 A5: Broken Access Control [DEPRECATED] |  NodeJS | 10 |
| No Going Back Challenge | General Application Security: CWE-601 Open Redirects | NodeJS | 10 |
| To Protect and to Serve Secure Cookies [DEPRECATED] | OWASP 2017 A5: Broken Access Control [DEPRECATED] |  Python Django | 20 |
| The Art of Redirection | General Application Security: CWE-601 Open Redirects | NodeJS | 10 |
| Forging user requests | General Application Security: CWE-352 Cross-Site Request Forgery | Python Django | 10 |
| Check your sources [DEPRECATED] | OWASP 2017 A7: Cross-Site Scripting (XSS) [DEPRECATED] |  Java | 20 |
| PII Storage | General Application Security: User Data Privacy | NodeJS | 10 |
| Informed Consent | General Application Security: User Data Privacy | NodeJS | 10 |
| Can you see your reflection? [DEPRECATED] | OWASP 2017 A7: Cross-Site Scripting (XSS) [DEPRECATED] | Java | 10 |
| Slow Down [DEPRECATED] | OWASP 2017 A10: Insufficient Logging + Monitoring [DEPRECATED] | Java | 10 |
| Angular ERB sanitization [DEPRECATED] | OWASP 2017 A7: Cross-Site Scripting (XSS) [DEPRECATED] | Rails | 10 |
| See-through traffic | General Application Security: CWE-319 Cleartext Transmission of Sensitive Data | NodeJS | 10 |
| Parameterize all the things [DEPRECATED] | OWASP 2017 A1: Injection [DEPRECATED] | Java | 10 |
| eXternal Entity (injection) [DEPRECATED] | OWASP 2017 A4: XML External Entities (XXE) [DEPRECATED] | NodeJS | 10 |
| eXternal Entity (injection) [DEPRECATED] | OWASP 2017 A4: XML External Entities (XXE) [DEPRECATED] |  PHP | 10 |
| eXternal Entity (injection) [DEPRECATED] | OWASP 2017 A4: XML External Entities (XXE) [DEPRECATED] | Python Django | 10 |
| Can you keep a secret? [DEPRECATED] | OWASP 2017 A6: Security Misconfiguration [DEPRECATED] | Python Django | 20 |
| Stored XSS versus CSP [DEPRECATED] | OWASP 2017 A7: Cross-Site Scripting (XSS) [DEPRECATED] | NodeJS | 20 |
| Alert [DEPRECATED] Challenge | OWASP 2017 A7: Cross-Site Scripting (XSS) [DEPRECATED] | Java | 10 |
| Persistence [DEPRECATED] Challenge | OWASP 2017 A7: Cross-Site Scripting (XSS) [DEPRECATED] | Java | 10 |
| Bugs in Debug [DEPRECATED] | OWASP 2017 A3: Sensitive Data Exposure [DEPRECATED] | Java | 10 |
| Own the database [DEPRECATED] | OWASP 2017 A1: Injection [DEPRECATED] | Java | 10 |
| Down with Uploads [DEPRECATED] | OWASP 2017 A7: Cross-Site Scripting (XSS) [DEPRECATED] | Java | 20 |
| eXternal Entity (injection) [DEPRECATED] | OWASP 2017 A4: XML External Entities (XXE) [DEPRECATED] | Java | 10 |