Cybersecurity Labs (Docker / Podman)

Small, self-contained security labs you can run locally with the Docker CLI (Podman-compatible). Each lab includes a vulnerable build, a fixed build, and a short walkthrough.

Prerequisites

Labs

Lab: API Mass Assignment & Excessive Data Exposure (OWASP API3:2023)

A modern AppSec lab demonstrating API Mass Assignment and Excessive Data Exposure (OWASP API3:2023, Broken Object Property Level Authorization) in a Node.js Express service.
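The two halves of API3:2023 are easiest to see side by side: a profile update that copies every JSON key onto the stored record (mass assignment) and a response that returns the whole record (excessive data exposure), next to the allowlisted versions. This is an added illustration written in Python to match the other labs on this page; it is not the lab's own Node.js code, and the user record, the field names and the `CLIENT_WRITABLE` / `CLIENT_READABLE` policy sets are constructed for the example.

```python
# Constructed sample record; the lab's real user model and field names may differ.
STORED_USER = {
    "id": 7,
    "email": "alice@example.test",
    "display_name": "Alice",
    "role": "user",                      # must never be client-writable
    "password_hash": "constructed-hash", # must never be returned to a client
    "api_key": "constructed-api-key",
}

# Hypothetical policy: what a client may change about its own profile, and what it may see.
CLIENT_WRITABLE = frozenset({"email", "display_name"})
CLIENT_READABLE = frozenset({"id", "email", "display_name", "role"})


def update_profile_vulnerable(user: dict, body: dict) -> dict:
    """Mass assignment: every key in the request body lands on the record."""
    updated = dict(user)
    updated.update(body)  # {"role": "admin"} silently promotes the caller
    return updated


def disallowed_fields(body: dict) -> set:
    """Fields in the body that the client is not permitted to write."""
    return set(body) - CLIENT_WRITABLE


def update_profile_fixed(user: dict, body: dict) -> dict:
    """Fixed: reject (rather than silently drop) any field outside the allowlist.

    Rejecting with an error gives an attacker no quiet way to probe for
    writable fields and gives the application a log line worth alerting on.
    """
    bad = disallowed_fields(body)
    if bad:
        raise ValueError(f"fields not writable by client: {sorted(bad)}")
    updated = dict(user)
    updated.update(body)
    return updated


def to_response_vulnerable(user: dict) -> dict:
    """Excessive data exposure: the stored record is serialised as-is."""
    return dict(user)


def to_response_fixed(user: dict) -> dict:
    """Fixed: project the record onto the fields a client is meant to see."""
    return {k: user[k] for k in CLIENT_READABLE if k in user}


if __name__ == "__main__":
    hostile_body = {"display_name": "Mallory", "role": "admin"}
    print("vulnerable role after update:",
          update_profile_vulnerable(STORED_USER, hostile_body)["role"])
    print("fixed rejects:", disallowed_fields(hostile_body))
    print("fixed response:", to_response_fixed(STORED_USER))
```

The same allowlist should back the request schema (so unknown properties are rejected at validation time) and the response serializer, so that adding a sensitive column to the model later does not leak it by default.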

Linux Privilege Escalation Lab (sudo misconfiguration)

A minimal, realistic container lab where you start as a low-privilege user (student) and escalate to root due to a dangerous sudoers rule.

Web Exploitation Lab (File Upload) — Flask

A minimal Flask app that demonstrates common file upload risk patterns and how to fix them.

Web Exploitation Lab (IDOR / Broken Access Control) — Flask + SQLite

A focused case study demonstrating Broken Access Control via an Insecure Direct Object Reference (IDOR).

Web Exploitation Lab (PHP Attack Chain) — File Upload + Command Injection

A minimal PHP + Apache lab that demonstrates how risky upload handling and command execution from user input can lead to full application compromise.

Web Exploitation Lab (SQL Injection) — Flask + SQLite

A minimal Flask app with a deliberately vulnerable login that is susceptible to SQL injection.
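The core of this lab, reduced to the query itself: a login that splices the submitted username and password into the SQL text, beside the parameterised version, run against an in-memory SQLite table. This is an added example, not the lab's own application code; the table, the rows and the test credentials are constructed here, and Flask is left out so the block runs offline with only the standard library.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory user table with constructed sample rows (not the lab's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)"
    )
    # Plaintext passwords only so the injection is visible in one query;
    # a real application stores a salted, slow hash and compares in code.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "correct horse battery staple"), ("student", "student123")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Deliberately vulnerable: user input becomes part of the SQL syntax."""
    query = (
        "SELECT id, username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    # With username "admin' --" the statement becomes
    #   ... WHERE username = 'admin' --' AND password = '...'
    # and the password check is commented out.
    return conn.execute(query).fetchone()


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Fixed: bound parameters; the driver never treats input as SQL."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo() -> dict:
    """Run the classic payloads against both versions and return the rows."""
    conn = make_db()
    return {
        "vuln_comment_bypass": login_vulnerable(conn, "admin' --", "wrong"),
        "vuln_tautology": login_vulnerable(conn, "' OR 1=1 --", "wrong"),
        "fixed_comment_bypass": login_fixed(conn, "admin' --", "wrong"),
        "fixed_real_creds": login_fixed(conn, "admin", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

Parameterisation is the fix for the injection; it does not address the plaintext password column, which the constructed table keeps only to shorten the example.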

Web Exploitation Lab (SSRF) — Node.js URL Fetcher

A small DevSecOps-focused lab demonstrating Server-Side Request Forgery (SSRF) in a controlled, container-only setup.

Web Exploitation Lab (SSTI) — Flask + Jinja2

A minimal Flask app that demonstrates Server-Side Template Injection (SSTI) using Jinja2.

Web Exploitation Lab (Stored XSS) — Support Tickets (Flask + SQLite)

A Dockerized vulnerable web application demonstrating Stored Cross-Site Scripting (Stored XSS) using a simple support ticket system.

Web Exploitation Lab — JWT Authentication Pitfalls

A containerized security lab demonstrating common JWT authentication and authorization flaws, including alg=none acceptance and insecure trust of user-controll…
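The alg=none flaw in one place: a verifier that lets the token header choose the algorithm, so an unsigned token with `"alg":"none"` is accepted, beside a verifier that pins HS256 server-side. This is an added example in Python using only the standard library, not the lab's own code; the signing key, the claims and the helper names (`mint_hs256`, `forge_alg_none`, `accepted_role`) are constructed for the illustration, and the only header-trust issue it covers is the algorithm field.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-lab-secret"  # constructed; the lab's real signing key is not known here


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def _hs256(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def mint_hs256(payload: dict, secret: bytes) -> str:
    """Server side: issue a properly signed HS256 token."""
    header_b64 = _json_segment({"alg": "HS256", "typ": "JWT"})
    body_b64 = _json_segment(payload)
    signature = _hs256(f"{header_b64}.{body_b64}", secret)
    return f"{header_b64}.{body_b64}.{b64url_encode(signature)}"


def forge_alg_none(payload: dict) -> str:
    """Attacker side: arbitrary claims, alg=none, empty signature segment."""
    header_b64 = _json_segment({"alg": "none", "typ": "JWT"})
    return f"{header_b64}.{_json_segment(payload)}."


def verify_vulnerable(token: str, secret: bytes) -> dict:
    """Honours whatever alg the token claims, including 'none' (any case)."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    alg = str(header.get("alg", "")).lower()
    if alg == "none":
        return json.loads(b64url_decode(body_b64))  # unsigned token trusted
    if alg == "hs256":
        expected = _hs256(f"{header_b64}.{body_b64}", secret)
        if hmac.compare_digest(b64url_decode(sig_b64), expected):
            return json.loads(b64url_decode(body_b64))
    raise ValueError("invalid token")


def verify_fixed(token: str, secret: bytes) -> dict:
    """Pins the algorithm in code; the header may not select it."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = _hs256(f"{header_b64}.{body_b64}", secret)
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))


def accepted_role(verifier, token: str, secret: bytes):
    """Role the verifier grants for this token, or None if it rejects it."""
    try:
        return verifier(token, secret).get("role")
    except ValueError:
        return None


def tamper_payload(token: str, payload: dict) -> str:
    """Swap the claims but keep the original signature (should fail everywhere)."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{_json_segment(payload)}.{sig_b64}"


if __name__ == "__main__":
    good = mint_hs256({"sub": "student", "role": "user"}, SECRET)
    forged = forge_alg_none({"sub": "student", "role": "admin"})
    print("vulnerable grants:", accepted_role(verify_vulnerable, forged, SECRET))
    print("fixed grants:", accepted_role(verify_fixed, forged, SECRET))
```

Real libraries expose the same fix as an explicit `algorithms=[...]` allowlist on the verify call; the mistake the lab reproduces is letting that list be derived from the token. The `tamper_payload` case shows that a plain signature check already stops claim editing, so the alg=none path is the one that turns a valid-looking token into a forgery.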

Web Exploitation Lab — Web Cache Poisoning

A realistic DevSecOps-focused lab demonstrating Web Cache Poisoning using a containerized environment running Nginx as a reverse proxy cache and a Flask-based…