Learn web application security

Game-based online cyber security training for developers, devops and security experts.

Learn security by doing

Web security is not black magic – every developer can and must learn it. Our hands-on training is a highly effective way to learn security.


Start your mission

Open your game in a web browser. We will set up networks and servers in a cloud-based simulator on the fly.


Experience the attack

After a while – you will find yourself under an attack.


Learn to defend

Fortunately you are not alone – the Virtual Teaching Assistant will guide you towards the best defense.

RangeForce Simulation Platform

Yes, it’s a sandbox. Designed for experimenting with cyber threats.

  • Advanced provisioning

    Complex networks enable to simulate entire kill chain

  • Attack Bot

    Learn by defending against real attacks

  • Virtual Training Assistant

    Your personal trainer in cyber battle

  • Game Engine

    Cyber training doesn’t have to be boring

Skills that matter

Our training is continuously updated to meet the latest needs.

Web Application Security Essentials

Essential skills to defend against these OWASP Top 10 threats:

  • SQL injection
  • Path Traversal
  • Command Injection
  • XSS: Reflected
  • XSS: Stored
  • XSS: DOM
  • Cookie Security: HttpOnly
  • Cookie Security: Secure
  • Insecure Direct Object References
  • Cross-Site Request Forgery
  • Unrestricted File Upload

Extra modules for DevOps that stretch the developers capability:

  • User Management
  • Security Introduction
  • HTTPS Security​
  • Working with files and folders

Two ways to participate

Cyber Siege

For developers and devops teams

The quality of the code can decide a battle.

A fun event where you can test your cyber skills and experience the cyber battle.

Your mission is to keep your applications up and running. Ruthless attackers use every vulnerability to bring you down. Learn how to fix the code and mitigate attacks.

Persistent Training

For developers

Threat is persistent. The training must be persistent too.

A continuous training where developers get cyber skills and keep them up to date.

A story-based game is rolled out over the year. Every month developers spend an hour in a simulator solving a cyber puzzle. If the challenge is too hard they train in labs and try again.

Why enterprises need our training?


What is common in PCI-DSS, SOX, HIPAA, and ISO 27001? – A requirement to train developers. Comply!

Global approach

You can make sure that your distributed development teams share the same cyber skills. A cloud-based platform is accessible everywhere. Consolidated skills reports cover everyone.

Measurable ROI

Skills assessment provides reliable data about the skills of the team. Progress measurement is based on numbers, not on hope.

Our customers

See how a worldwide bank used the Global Siege to test their employees' skills across the globe.

Barclays Global Siege