Learn Mode

Learn Mode provides interactive step-by-step attack scenarios in a simulated browser environment. Walk through real-world attack chains to understand how vulnerabilities are exploited and how to prevent them.

How It Works

Learn Mode uses a guided split-screen interface where you follow along with an interactive attack scenario:

Left Panel — Scenario Guide

Step-by-step instructions, scenario context, and a narrator that guides you through the entire attack chain. Each step tells you exactly what to do.

Right Panel — Simulated Environment

A fully interactive browser, mobile device, or proxy simulation where you perform actions — click buttons, fill forms, and observe responses in real time.

Learn Mode Interface

Here's what the split-screen learn mode looks like during a scenario:

Left panel (app.securecodinghub.com/learn/idor)
Step 3 of 12: Discover User Profiles
Now try changing the user ID in the URL bar. Replace /profile/1 with /profile/2 and observe what happens. You should be able to access another user's private profile data.
Narrator: This is a classic IDOR vulnerability — the application doesn't verify that the logged-in user owns the requested profile.
Button: Next Step

Right panel (vulnerable-app.com/login)
Sign In
Email: john@example.com
Password: ********
Button: Log In

Scenario Structure

Every scenario follows a consistent five-stage pattern that mirrors real-world security assessments:

1. Introduction: Context about the target application, your role, and the vulnerability you will be exploring.
2. Discovery: Explore the application and identify the attack surface — observe how the app behaves normally.
3. Exploitation: Execute the attack step by step — inject payloads, manipulate requests, or bypass controls.
4. Impact: See the real consequences of the vulnerability — data leaks, privilege escalation, or session hijacking.
5. Prevention: Learn the correct code and configuration changes to fix the vulnerability and prevent future exploitation.

Simulated Environments

Learn Mode uses three types of simulation depending on the vulnerability category:

| Environment | Used For | Description |
|---|---|---|
| SimBrowser | Web vulnerabilities | A fully interactive web browser simulation with URL bar, navigation, forms, and dynamic responses. Used for XSS, CSRF, SQL Injection, and other web attacks. |
| SimMobilePhone | Mobile vulnerabilities | iOS and Android device simulation with native UI elements, status bar, and touch interactions. Used for insecure storage, WebView injection, and certificate pinning scenarios. |
| SimWebProxy | API vulnerabilities | HTTP request/response proxy that shows raw API calls, headers, and payloads. Used for BOLA, mass assignment, broken authentication, and other API security scenarios. |

Progress Tracking

Each scenario tracks your progress so you can pick up right where you left off:

| Metric | Description |
|---|---|
| Current step / Total steps | Shows your position in the scenario — e.g. "Step 8 of 14" |
| Completion status | in_progress or completed |
| Resume support | You can close a scenario and return later — it resumes from your last step |

Scenario Progress

Your scenario list shows current progress at a glance:

app.securecodinghub.com/learn
Your Scenarios
IDOR — Direct Object Reference: In Progress, Step 8 / 14
SQL Injection — Login Bypass: Completed, Step 11 / 11
XSS — Stored Cross-Site Scripting: In Progress, Step 3 / 16

Next steps: Try Practice Mode to test your knowledge with code review challenges, or explore the full scenario catalog from the dashboard.

When a Guided Scenario Teaches What a Code-Review Challenge Cannot

A code review challenge in Practice Mode hands you a self-contained snippet. That is a fair representation of how vulnerabilities look on the line, but most real vulnerabilities are not on a single line. They live across files, across services, or across the boundary between client and server. IDOR is the canonical example: the bad code is not the database query, it is the missing authorization check three layers up the stack. Learn Mode is the format that can show you that gap, because it puts the entire application in front of you.

The same is true for any vulnerability where exploitation depends on session state, multi-step request flows, or attacker-controlled timing. Stored XSS only matters once the payload travels from one user to another. Mass assignment only matters when the model layer trusts request body keys it never should have exposed. A snippet cannot show that chain. A scenario can, because you log in, perform actions, observe responses, and watch a vulnerability turn into a breach in real time. The five-stage scenario structure above is designed around exactly that arc.
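The IDOR point above, as an added example that is not code from the platform or its scenarios: the data-layer lookup is correct, and the flaw is the ownership check missing from the handler for /profile/<id>. All names (PROFILES, Session, load_profile, the two handlers, audit) and the sample records are constructed for illustration.

```python
# Added illustration; every name and record here is hypothetical/constructed.
from dataclasses import dataclass

# Constructed sample data standing in for the database.
PROFILES = {
    1: {"owner_id": 1, "email": "john@example.com", "notes": "private notes, user 1"},
    2: {"owner_id": 2, "email": "jane@example.com", "notes": "private notes, user 2"},
}

@dataclass
class Session:
    user_id: int
    is_admin: bool = False

def load_profile(profile_id):
    """Data layer: a plain lookup by key. Nothing is wrong at this level."""
    return PROFILES.get(profile_id)

def get_profile_vulnerable(session, profile_id):
    """GET /profile/<id>: the caller is logged in, but ownership is never checked."""
    profile = load_profile(profile_id)
    if profile is None:
        return 404, None
    return 200, profile

def get_profile_hardened(session, profile_id):
    """Same route with an object-level authorization check before returning data."""
    profile = load_profile(profile_id)
    allowed = profile is not None and (
        session.is_admin or profile["owner_id"] == session.user_id
    )
    # Answer 404 for both "missing" and "not yours" so valid IDs are not revealed.
    if not allowed:
        return 404, None
    return 200, profile

def audit(handler, session, ids):
    """Regression check for a non-admin session: IDs readable but not owned."""
    leaked = []
    for pid in ids:
        status, body = handler(session, pid)
        if status == 200 and body["owner_id"] != session.user_id:
            leaked.append(pid)
    return leaked

if __name__ == "__main__":
    john = Session(user_id=1)
    print("vulnerable leaks:", audit(get_profile_vulnerable, john, PROFILES))
    print("hardened leaks:  ", audit(get_profile_hardened, john, PROFILES))
```

The audit function is the kind of check worth keeping as a regression test: it exercises the route as one user against every object ID and fails if any foreign object comes back.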

How to Use Learn Mode if You Are Already Senior

Senior developers and security engineers sometimes skip Learn Mode because the narrator and step-by-step instructions feel slow. That is fair for vulnerability classes you have personally exploited dozens of times. The right use of Learn for senior learners is targeted, not completionist. Skim the introduction, skim Discovery, and slow down at Exploitation only when the attack surface is unfamiliar. A backend engineer who has never written iOS code will learn more from a single mobile insecure-storage scenario than from twenty Practice challenges in the same category, because the unfamiliar part is the platform, not the concept.

The other senior use case is closing language gaps. If you joined a team using a stack you do not know well, Learn scenarios in that stack double as a fast tour of the application shape and the attack surface you will be reviewing. Combine that with stack-aligned Practice from Stack Preferences to ramp up on a new codebase faster than reading documentation alone.