You know what they say about app security – 99% secure is 100% vulnerable. To help in the ever-going fight against malicious software and those who peddle it, we are open-sourcing our training platform for web application security.  

A while ago, Infobip’s Application Security Team searched for a way to keep developers up to date with common vulnerabilities running in the wild. We asked ourselves if we should outsource education to some 3rd party or use something free that is already available on the market.  

Infobip reaches billions of users, so you can imagine just how much sensitive information goes through our system – and why security is a top priority. That’s why, after a bit of tinkering (and copious amounts of coffee), we decided to build a training platform for our developers and present it in live sessions.  

The platform comes as two separate web applications, one solely based on Java and a combination of ReactJS and Node.js, a combination that needs more proper resources in the community.   
 

Protect your app against top 10 vulnerabilities – and bad coding practices  
 

The platform can be used as a self-paced course or for instructor-led workshops, for individuals or entire departments. Given the ever-evolving nature of threats to app securities, both seasoned developers and beginners can benefit from the training. 

Not to mention that setting it up is as simple as running a docker container.  

You’ll learn how to keep safe from OWASP Top 10 vulnerabilities:  

  • SQL injection,  
  •  command injection,   
  • XML external entities injection,   
  • cross-site scripting,   
  • template injection,   
  • server-side request forgery and   
  • path traversal   

… sprinkled with some common bad coding practices.   
 

Get the source code and documentation on our GitHub. 

If you find bugs or want to pitch in, we are more than happy to receive feedback and contributions ideas.