In a newly developed partnership with HackEDU, HackerOne announced that it has released a free web hacker training, adding to its Hacker101 offerings. Based on five popular, publicly disclosed vulnerability reports for which top bug bounty hackers initially earned up to $5,000 for reporting, HackerOne and HackEDU have created an interactive cybersecurity sandboxed training environment modeled after these real-world vulnerability reports.
Through training in this safe and legal simulated environment, hackers will learn the techniques of clickjacking, a vulnerability that can be used to create a worm; and XXE, a vulnerability that can be exploited to steal files. In addition participants will learn remote code execution (RCE), a vulnerability on a server that first earned a $5,000 bounty; and an SQL injection attack using sqlmap that steals data. Rounding out the the top-five vulnerabilities is an XSS attack, which causes a user to send you data without their knowledge.
Committed to growing and empowering the white hat community, HackerOne and HackEDU are providing free access to their training materials. The new HackEDU-developed vulnerability sandboxes are the latest in their interactive coursework available to hackers, who can also join existing Hacker101 interactive content, coursework and capture the flag (CTF) challenges, according to a press release.
“Hacking is a highly sought after skill, but it is not always clear how to get started or advance to the next level. This is why we started Hacker101,” said Cody Brocious, HackerOne security researcher and head of hacker education, in the release. “Now with HackEDU’s sandboxes and interactive lessons, hackers can test their skills like never before. With simulated real-world bugs – originally discovered by top bug hunters in the community – you will learn something new with these latest sandboxes, no matter your skill level.”
“HackEDU is proud to offer real-world applications with real-world vulnerabilities found on HackerOne’s platform,” said Jared Ablon, HackEDU’s CEO, in the release. “With this addition to HackEDU’s current offerings, users can explore how vulnerabilities manifest themselves in applications that people use everyday which enhances the learning process for both attackers and defenders.”