Secure Programming — a Cyber lab
Three self-contained, in-browser labs that take you from vulnerability to defense through worked examples, real CVEs, and code you can run. Pick a lab.
Integer Overflow
How integers are stored, signed vs unsigned, what happens when arithmetic exceeds the cage, real-world incidents, working C programs you can compile in the browser, and the patches that prevent each kind of bug.
Prompt Injection
Direct and indirect prompt injection attacks against LLM-based applications, with worked examples — DAN, instruction override, indirect injection via hidden HTML — and the layered defenses that mitigate each one.
Race Conditions
Two threads, one resource, no agreement on order. Lost-update counters, TOCTOU file races, double-spend transactions, and symlink races — each with a step-through interleaving simulator showing live source, locals, and the gap an attacker exploits.
About
Why this exists.
Secure Programming (Cyber) — Lab is a small collection of single-page security labs designed for self-paced learning and classroom use. Each lab teaches one threat class end-to-end: the underlying mechanism, real-world incidents that resulted from it, code you can run to reproduce the bug, and the idiomatic patch that fixes it.
Every lab is a self-contained HTML file — no build step, no server, no dependencies beyond Google Fonts. The interactive instruments (calculators, bit grids, the live C compiler in the integer-overflow lab, the chat simulators in the prompt-injection lab) all run in your browser using BigInt, WebAssembly-free interpreters, and plain JavaScript.
New labs will be added over time. Each follows the same structure: foundation → demonstration → real cases → runnable code → defenses.