Learn Mode

Learn Mode provides interactive step-by-step attack scenarios in a simulated browser environment. Walk through real-world attack chains to understand how vulnerabilities are exploited and how to prevent them.

How It Works

Learn Mode uses a guided split-screen interface where you follow along with an interactive attack scenario:

Left Panel — Scenario Guide

Step-by-step instructions, scenario context, and a narrator that guides you through the entire attack chain. Each step tells you exactly what to do.

Right Panel — Simulated Environment

A fully interactive browser, mobile device, or proxy simulation where you perform actions — click buttons, fill forms, and observe responses in real time.

Learn Mode Interface

Here's what the split-screen learn mode looks like during a scenario:

app.securecodinghub.com/learn/idor

Left panel:
Step 3 of 12
Discover User Profiles
Now try changing the user ID in the URL bar. Replace /profile/1 with /profile/2 and observe what happens. You should be able to access another user's private profile data.
Narrator: This is a classic IDOR vulnerability — the application doesn't verify that the logged-in user owns the requested profile.
[Next Step]

Right panel:
vulnerable-app.com/login
Sign In
Email: john@example.com
Password: ********
[Log In]

Scenario Structure

Every scenario follows a consistent five-stage pattern that mirrors real-world security assessments:

1. Introduction: Context about the target application, your role, and the vulnerability you will be exploring.
2. Discovery: Explore the application and identify the attack surface — observe how the app behaves normally.
3. Exploitation: Execute the attack step by step — inject payloads, manipulate requests, or bypass controls.
4. Impact: See the real consequences of the vulnerability — data leaks, privilege escalation, or session hijacking.
5. Prevention: Learn the correct code and configuration changes to fix the vulnerability and prevent future exploitation.

Simulated Environments

Learn Mode uses three types of simulation depending on the vulnerability category:

| Environment | Used For | Description |
| --- | --- | --- |
| SimBrowser | Web vulnerabilities | A fully interactive web browser simulation with URL bar, navigation, forms, and dynamic responses. Used for XSS, CSRF, SQL Injection, and other web attacks. |
| SimMobilePhone | Mobile vulnerabilities | iOS and Android device simulation with native UI elements, status bar, and touch interactions. Used for insecure storage, WebView injection, and certificate pinning scenarios. |
| SimWebProxy | API vulnerabilities | HTTP request/response proxy that shows raw API calls, headers, and payloads. Used for BOLA, mass assignment, broken authentication, and other API security scenarios. |

Progress Tracking

Each scenario tracks your progress so you can pick up right where you left off:

| Metric | Description |
| --- | --- |
| Current step / Total steps | Shows your position in the scenario — e.g. "Step 8 of 14" |
| Completion status | in_progress or completed |
| Resume support | You can close a scenario and return later — it resumes from your last step |

Scenario Progress

Your scenario list shows current progress at a glance:

app.securecodinghub.com/learn

Your Scenarios
- IDOR — Direct Object Reference: In Progress, Step 8 / 14
- SQL Injection — Login Bypass: Completed, Step 11 / 11
- XSS — Stored Cross-Site Scripting: In Progress, Step 3 / 16

Next steps: Try Practice Mode to test your knowledge with code review challenges, or explore the full scenario catalog from the dashboard.