challenges blog leaderboard careers companies pricing

Broken Function Auth

Insecure Direct Object Reference

Easy

Objective

UI hides buttons, but API doesn't check permissions.

Submit Flag

Security training for developers who ship AI-generated code. Learn to spot vulnerabilities before attackers do.

Learn

Challenges
Careers
Pricing

Company

Security Review
For Teams
Hire Developers

Legal

Privacy Policy
Terms of Service
Educational use only

All vulnerabilities are intentional. Built for learning.

2026 alicesec