The bearer of this certificate earned 300 total points
by completing secure coding labs through Veracode Security Labs.
Labs are a form of secure code training that
involves hands-on-keyboard
exercises, where users demonstrate their abilities to exploit and patch
code using real applications.
Alex Husniddinov
4afbdd8cff
14 May 2026
The following labs were completed toward certification:
| Lab Name | Topic Name | Language | Points |
|---|---|---|---|
| To Protect and to Serve Secure Cookies | OWASP 1: Broken Access Control |  .NET | 20 |
| Loose Lips Sink Servers | OWASP 1: Broken Access Control | .NET | 10 |
| Forging User Requests | OWASP 1: Broken Access Control | .NET | 10 |
| Fix the Sessions | OWASP 1: Broken Access Control |  Java | 10 |
| Redirect Rodeo | OWASP 1: Broken Access Control | .NET | 10 |
| Get There from Here | OWASP 1: Broken Access Control | .NET | 10 |
| Secrets in the Log | OWASP 1: Broken Access Control | Java | 10 |
| Can you keep a secret? | OWASP 2: Security Misconfiguration |  NodeJS | 10 |
| Jot down this key | OWASP 2: Security Misconfiguration | .NET | 10 |
| Insufficient Entropy | OWASP 4: Cryptographic Failures | .NET | 10 |
| eXternal Entity (injection) | OWASP 2: Security Misconfiguration | .NET | 10 |
| External Resolution Challenge | OWASP 2: Security Misconfiguration |  Python Flask | 10 |
| Suspicious Packages | OWASP 3: Software Supply Chain Failures | .NET | 10 |
| Own the database | OWASP 5: Injection | .NET | 10 |
| Parameterize all the things | OWASP 5: Injection | .NET | 10 |
| Bugs in Debug | OWASP 4: Cryptographic Failures | .NET | 10 |
| Secret Logging Challenge | OWASP 4: Cryptographic Failures | Python Flask | 10 |
| Can you see your reflection? | OWASP 5: Injection |  Python Django | 10 |
| Timing is everything Challenge | OWASP 5: Injection | Python Django | 10 |
| Down with Uploads | OWASP 5: Injection | Python Django | 20 |
| Reflected XSS and input formatting | OWASP 5: Injection |  Rails | 10 |
| Angular ERB sanitization | OWASP 5: Injection | Rails | 10 |
| Check your sources | OWASP 5: Injection | Java | 20 |
| Angular HTML and URL sanitization | OWASP 5: Injection | Rails | 10 |
| Bad Cookie Challenge | OWASP 1: Broken Access Control | .NET | 10 |
| Letting Go of the Outdated | OWASP 3: Software Supply Chain Failures | Java | 10 |
| Bulky Updates | OWASP 2: Security Misconfiguration | Rails | 10 |
| XML is always a challenge Challenge | OWASP 2: Security Misconfiguration | .NET | 10 |
| Outdated Dependencies Challenge | OWASP 3: Software Supply Chain Failures | .NET | 10 |
| Helpful Stack Trace Challenge | OWASP 4: Cryptographic Failures | .NET | 10 |
| Bobby Tables Challenge | OWASP 5: Injection | Python Django | 10 |
| Stored XSS versus CSP | OWASP 5: Injection | NodeJS | 20 |
| Alert Challenge | OWASP 5: Injection | Python Django | 10 |
| Persistence Challenge | OWASP 5: Injection | Python Django | 20 |
| Secret Admin Challenge | OWASP 2: Security Misconfiguration | .NET | 10 |