Labtainers exercises from other sources are available as IModules, described below. As you create new lab exercises, please consider sharing them with the community by providing me (mfthomps at with the URL to your IModules as described in the Lab Designer Guide.


OWASP Web Security Labs from Liberty University


Access these labs by entering this at the labtainer-student prompt:


| Lab | Description | Difficulty |
|---|---|---|
| web-brokenaccess | Explore broken access control, which happens when the application allows a user to perform unauthorized actions. | 3 |
| web-brokenauth | This lab covers how to reset a password using a GET request, how to bypass multifactor authentication, and how to decode session tokens. | 3 |
| | Explore SQL/NoSQL injections along with web-based injections using PUT/POST/PATCH. | |
| web-insdes | Explore insecure deserialization, which happens when the developer doesn't check serialized data that a user sends to the application. | 3 |
| web-inslog | Use logging and monitoring to detect system infiltration by looking for traffic that doesn't correspond to the normal traffic. | 3 |
| web-sde | Explores the disclosure of data that is not meant to be publicly accessible, known as sensitive data exposure (SDE). | 3 |
| web-secmis | Web server security misconfigurations that result in vulnerabilities. | 3 |
| web-vulcom | Explore using components with known vulnerabilities. You might have totally secured your own code, but what about the dependencies you are using? | 3 |
| web-xss | Cross-site scripting (XSS), which is a type of vulnerability commonly found in web applications. | 3 |
| web-xxe | An XML External Entity attack is a type of attack against an application that parses XML input. | 3 |