Updated: April 8, 2025
Introduction
The Immersive Labs Application Security solution offers a comprehensive range of labs designed to enhance your application security skills and knowledge. Explore a variety of hands-on labs covering topics such as secure coding practices, vulnerability assessment, threat modeling, and secure development methodologies. Whether you are a beginner looking to build a strong foundation or an experienced professional seeking to advance your AppSec expertise, our catalog has something for everyone to sharpen their application security skills in a practical and engaging way.
The Immersive Labs Application Security lab collection consists of the following categories of collections (number of total labs in each category shown in parenthesis):
- Application Security (616)
- Cloud Security (296)
- Offensive Cyber (147)
- Defensive Cyber (102)
- Cyber Threat Intelligence (51)
- Challenges & Scenarios (29)
The full Immersive Labs Application Security catalog can be downloaded as an Excel file at the bottom of this page, which contains more details about each lab and lab series, as well as allowing you to filter, search, and sort.
Note that all labs in the Immersive Labs Application Security catalog are included in the Immersive Labs license.
Application Security (616)
Secure by Design
The Secure by Design labs cover essential topics for building secure applications from the ground up. Users will delve into Secrets Management practices and learn fundamental techniques for Threat Modeling to proactively identify and address security vulnerabilities in the design phase of software development.
| Secure by Design | 11 |
| Secrets Management | 4 |
| Threat Modeling Fundamentals | 7 |
Secure Coding
The Secure Coding labs are designed to help you develop secure coding practices, identify common vulnerabilities in code, and learn how to mitigate security risks in software development.
| Secure Coding | 453 |
|---|---|
| Angular | 5 |
| C/C++ (Beginner, Intermediate, Advanced) | 29 |
| C# .NET Core (Beginner, Intermediate, Advanced) | 34 |
| C# .NET Core 8.0 API (Beginner) | 11 |
| C# .NET Framework (MVC and Web Forms) | 19 |
| Embedded Application Security | 7 |
| Find the Flaw: C | 8 |
| Find the Flaw: C++ | 8 |
| Find the Flaw: Java | 8 |
| Find the Flaw: Kotlin | 8 |
| Find the Flaw: Node.js (JavaScript) | 8 |
| Find the Flaw: PHP | 8 |
| Find the Flaw: Python | 8 |
| Find the Flaw: Ruby | 8 |
| Find the Flaw: Rust | 8 |
| Find the Flaw: TypeScript | 8 |
| Go (Beginner and Intermediate) | 23 |
| Java (Beginner, Intermediate, Advanced) | 46 |
| Java API (Beginner) | 11 |
| Java Spring (Beginner) | 12 |
| Kotlin for Android | 8 |
| Node.js (Beginner, Intermediate) | 22 |
| Node.js API (Beginner) | 10 |
| PHP (Beginner, Intermediate) | 24 |
| Python (Business Logic Flaws, Beg, Inter, Adv) | 45 |
| Python API (Beginner) | 11 |
| Rails (Beginner, Intermediate) | 18 |
| React | 4 |
| Real-World Playground | 20 |
| TypeScript API - Beginner | 11 |
| Vue.js | 5 |
Secure Engineering
The Secure Engineering labs focus on teaching you how to incorporate security principles and practices into the entire software development lifecycle. From threat modeling to secure architecture design and secure deployment strategies, our Secure Engineering labs will help you build secure and robust software systems that withstand cyber threats and attacks.
| Secure Engineering | 17 |
| Introduction to Content Security Policy (CSP) | 6 |
| Security Headers | 10 |
| Secure Engineering | 1 |
Secure Fundamentals
The Secure Fundamentals labs are designed to provide a solid foundation in essential security concepts and principles for individuals new to the field of application security. Covering topics such as encryption, authentication, access control, and secure communication, the Secure Fundamentals labs will help you grasp the core elements of security necessary for building secure applications and systems.
| Secure Fundamentals | 62 |
|---|---|
| AI Fundamentals | 9 |
| Introduction to Cryptography | 12 |
| Mobile Application Security Fundamentals | 12 |
| OWASP Top 10 | 13 |
| Secure Fundamentals | 8 |
| TLS Fundamentals | 8 |
Secure Operations
The Secure Operations labs focus on teaching you how to implement and maintain secure operational practices within your organization's software development and deployment processes. From secure configuration management to incident response and security monitoring, our Secure Operations labs will help you enhance the security posture of your systems and infrastructure. Whether you are a DevOps engineer, system administrator, or security professional, these labs will equip you with the skills needed to ensure secure and resilient operations in today's dynamic threat landscape.
| Secure Operations | 24 |
|---|---|
| Apache | 12 |
| Apache Tomcat | 7 |
| NGINX | 5 |
Secure Testing
These beginner-friendly labs are tailored for individuals who are new to security testing and want to learn the basics of identifying and addressing common vulnerabilities in applications. Through guided exercises and practical scenarios, you will gain hands-on experience in conducting security assessments, penetration testing, and vulnerability analysis to kickstart your journey towards becoming a proficient security tester.
| Secure Testing | 11 |
|---|---|
| Secure Testing (Beginner) | 11 |
Secure Tooling
These labs are designed to familiarize you with various security tools and technologies used in the field of application security. From learning how to use popular security tools for vulnerability scanning, code analysis, and security testing to understanding their functionalities and best practices, our Secure Tooling labs will equip you with the skills needed to leverage tools effectively in securing your applications and systems.
| Secure Tooling | 37 |
|---|---|
| Diving into SonarQube | 6 |
| Browser Developer Tools | 7 |
| Burp Suite | 5 |
| Git Security | 9 |
| OWASP ZAP - Basics | 9 |
| Secure Tooling - Beginner | 7 |
Cloud Security (296)
Amazon Web Services
These labs are designed to help you enhance your cloud security skills specifically within the AWS environment. From securing AWS resources, configuring identity and access management, to implementing best practices for data protection in the cloud, our AWS labs will provide you with hands-on experience in securing your cloud infrastructure effectively.
| Amazon Web Services | 119 |
|---|---|
| Introduction to AWS | 7 |
| AWS Challenge: Jobs at Metrolio | 3 |
| Advanced Logging in AWS | 5 |
| AWS Config | 6 |
| AWS Security Hub | 5 |
| AWS Systems Manager | 7 |
| EC2 (Elastic Compute Cloud) | 11 |
| IAM (Identity and Access Management) | 13 |
| Investigating IAM Incidents in AWS | 4 |
| Incident Response and Forensics for EC2 | 3 |
| Introduction to Incident Response & Forensics in AWS | 5 |
| S3 (Simple Storage Service) | 9 |
| Secrets and Encryption in AWS | 4 |
| Securing Serverless Workflows with AWS Lambda | 5 |
| Securing Web Applications with AWS WAF and CloudFront | 4 |
| Threat Detection with Amazon GuardDuty | 4 |
| Top 10 AWS Attacker Techniques 2023 | 10 |
| VPC and Network Security | 7 |
Azure
These collections and labs offer a comprehensive exploration of core concepts and services within the Azure cloud platform. Participants are introduced to fundamental topics such as storage accounts, virtual machines, and serverless function applications, enabling them to gain practical experience in configuring resources through the Azure web portal. This collection serves as a vital starting point for learners to develop foundational skills in Azure cloud services before progressing to more advanced topics in Azure-focused labs.
| Azure | 38 |
|---|---|
| Kusto Query Language | 11 |
| Microsoft Azure Basics | 8 |
| Microsoft Defender for Cloud | 6 |
| Microsoft Sentinel Blue Team Ops | 6 |
| Microsoft Sentinel Deployment & Log Ingestion | 5 |
| Microsoft Sentinel: Security Orchestration Automation and Response (SOAR) | 5 |
Cloud Security Fundamentals
These labs are designed to provide a foundational understanding of cloud computing concepts and best practices for securing cloud environments. Covering topics such as cloud service models, shared responsibility model, identity and access management in the cloud, and data encryption, the Cloud Fundamentals labs will help you build a solid knowledge base in cloud security essentials.
| Cloud Fundamentals | 49 |
|---|---|
| Cloud Fundamentals | 12 |
| DevSecOps | 9 |
| NCSC - Cloud Security Guidance | 15 |
| NIST - Guidelines on Security and Privacy in Public Cloud Computing (800-144) | 10 |
| Zero Trust in the Cloud | 4 |
Cloud Tooling
These labs are designed to familiarize you with a variety of tools and technologies used for securing cloud environments, specifically focusing on popular cloud platforms such as AWS, Azure, and Google Cloud Platform. From learning how to use cloud security tools for monitoring, compliance, and incident response to understanding best practices for securing cloud infrastructure, our Cloud Tooling labs will equip you with the skills needed to effectively manage and protect your cloud resources.
| Cloud Tooling | 59 |
|---|---|
| Apache & Apache Tomcat | 19 |
| AWS Community - Security Tooling | 3 |
| Container Hardening - Docker | 5 |
| NGINX | 5 |
| OAuth and OpenID Connect | 6 |
| Secrets Management with HashiCorp Vault | 10 |
| Secure Terraform (AWS, Azure,Google Cloud Platform) | 13 |
Kubernetes
These labs are designed to help you understand and secure Kubernetes clusters. From configuring Kubernetes security settings to implementing best practices for securing containerized applications, our Kubernetes labs will provide you with hands-on experience in managing the security of your Kubernetes deployments.
| Kubernetes | 31 |
|---|---|
| CISA and NSA Kubernetes Hardening Guidance | 6 |
| Kubernetes - Fundamentals | 8 |
| Kubernetes - Logging | 5 |
| Kubernetes - Offensive Security | 5 |
| Kubernetes - Pod Security | 7 |
Offensive Cyber (147)
Web App Hacking
These labs are designed to immerse you in the world of web application security testing, covering a wide range of common vulnerabilities and attack techniques. From cross-site scripting (XSS) to SQL injection, broken authentication, and more, the Web Hacking labs will sharpen your skills in identifying, exploiting, and mitigating security flaws in web applications.
| Web App Hacking | 118 |
| Authentication and Authorization Flaws | 10 |
| Burp Suite | 5 |
| Cross-Site Scripting (XSS) | 7 |
| CVEs (Web App Hacking) | 25 |
| Databases | 5 |
| Hack Your First Web Application | 6 |
| Intermediate Web App Hacking | 7 |
| Intro to Web App Hacking | 12 |
| Introduction to Penetration Testing | 5 |
| OWASP (2017) Java | 9 |
| OWASP Top 10 | 13 |
| Server-Side Template Injection | 6 |
| SQL Injection | 5 |
| SQL Injection Basics | 7 |
Infrastructure Hacking
These labs focus on hands-on exercises and challenges related to identifying and exploiting vulnerabilities in network infrastructure, servers, and systems. Participants will learn techniques for penetration testing, privilege escalation, and securing infrastructure against common cyber threats. These labs provide a practical environment for cybersecurity professionals to enhance their skills in assessing and securing critical infrastructure components.
| Infrastructure Hacking | 29 |
| CVEs (Infrastructure Hacking and Privilege Escalation) | 9 |
| Databases | 5 |
| Infrastructure Hacking | 2 |
| Introduction to Penetration Testing | 5 |
| IoT & Embedded Devices | 9 |
Offensive Cyber (Other)
| Offensive Cyber (Other) | 13 |
| Exploit Development (Offensive) | 6 |
| Reverse Engineering - Interpreted Languages | 7 |
Defensive Cyber (102)
Defensive Fundamentals
These labs offer practical exercises and scenarios to help participants develop essential skills in defending against cyber threats and attacks. Participants will learn fundamental concepts of cybersecurity defense, incident response, and best practices for securing applications and systems. These labs provide a hands-on learning experience to enhance participants' abilities in mitigating risks and protecting against security breaches in an application security context.
| Defensive Fundamentals | 49 |
| AI Fundamentals | 9 |
| NIST - Guidelines on Security and Privacy in Public Cloud Computing (800-144) | 10 |
| NIST - Security and Privacy Controls for Information Systems and Organizations (800-53) | 22 |
| Elastic (Data Ingest, Playground, Stack) | 11 |
| Secure Fundamentals | 8 |
Firewalls
This collection of labs features two comprehensive lab collections focused on Fortinet's Next-Generation Firewall and Palo Alto Network's Next-Generation Firewall. Users can dive into these labs to enhance their skills in configuring, managing, and securing network firewalls, ensuring robust defense mechanisms against evolving cyber threats. Explore the Firewall category to strengthen your expertise in network security and advance your AppSec knowledge.
| Firewalls | 10 |
| Fortinet's Next-Generation Firewall | 5 |
| Palo Alto Network's Next-Generation Firewall | 5 |
Incident Response
These labs focus on preparing participants to effectively respond to cybersecurity incidents and breaches. Participants will practice identifying, containing, and mitigating security breaches, as well as developing incident response plans and procedures. These labs provide hands-on simulations to enhance participants' skills in handling and responding to various cyber incidents in a realistic and controlled environment.
| Incident Response | 23 |
| CVEs (Threat Hunting) | 6 |
| Elastic Stack | 10 |
| Log Analysis | 7 |
Reverse Engineering (Defensive)
| Reverse Engineering (Defensive) | 7 |
| RE - Interpreted Languages | 7 |
Vulnerability Management
| Reverse Engineering (Defensive) | 13 |
| OWASP Top 10 | 13 |
Cyber Threat Intelligence (51)
Campaigns and CVEs
These labs focus on preparing participants to effectively respond to cybersecurity incidents and breaches. Participants will practice identifying, containing, and mitigating security breaches, as well as developing incident response plans and procedures. These labs provide hands-on simulations to enhance participants' skills in handling and responding to various cyber incidents in a realistic and controlled environment.
| Campaigns and CVEs | 51 |
| Hafnium | 1 |
| Log4Shell (CVE-2021-44228 & CVE-2021-45046) | 4 |
| MOVEit (CVE-2023-34362) | 3 |
| Spring4Shell (CVE-2022-22965) | 4 |
| CISA KEV | 4 |
| CVEs (Infrastructure Hacking) | 7 |
| CVEs (Privilege Escalation) | 1 |
| CVEs (Threat Hunting) | 3 |
| CVEs (Web App Hacking) | 18 |
| Latest CVEs | 10 |
| Threat Research | 2 |
Challenges and Scenarios (30)
| Halloween 202: Return to Haunted Hallow | 9 |
| Halloween: The Haunted Hollow | 10 |
| AWS Challenge: Jobs at Metrolio | 3 |
| DFIR CTF / Exploitation Development | 2 |
| AI Challenges | 3 |
| The Human Connection Challenge: Season 1 | 3 |