erlef · juanpablo-nl · Jun 24, 2026 · Jun 24, 2026 · Jun 24, 2026 · Jun 24, 2026
diff --git a/modules/2-owasp.livemd b/modules/2-owasp.livemd
@@ -101,25 +101,29 @@ Notable CWEs included are CWE-259: Use of Hard-coded Password, CWE-327: Broken o
 
 _Please uncomment the function call that you believe is correct._
 
-<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjT1dBU1A6MVxuZGVmbW9kdWxlIFBhc3N3b3JkQ29tcGFyZSBkb1xuICBkZWYgb3B0aW9uX29uZShwYXNzd29yZCwgbWQ1X2hhc2gpIGRvXG4gICAgY2FzZSA6Y3J5cHRvLmhhc2goOm1kNSwgcGFzc3dvcmQpID09IG1kNV9oYXNoIGRvXG4gICAgICB0cnVlIC0+IDplbnRyeV9ncmFudGVkX29wMVxuICAgICAgZmFsc2UgLT4gOmVudHJ5X2RlbmllZF9vcDFcbiAgICBlbmRcbiAgZW5kXG5cbiAgZGVmIG9wdGlvbl90d28ocGFzc3dvcmQsIGJjcnlwdF9zYWx0ZWRfaGFzaCkgZG9cbiAgICBjYXNlIEJjcnlwdC52ZXJpZnlfcGFzcyhwYXNzd29yZCwgYmNyeXB0X3NhbHRlZF9oYXNoKSBkb1xuICAgICAgdHJ1ZSAtPiA6ZW50cnlfZ3JhbnRlZF9vcDJcbiAgICAgIGZhbHNlIC0+IDplbnRyeV9kZW5pZWRfb3AyXG4gICAgZW5kXG4gIGVuZFxuZW5kXG5cbiMgRE8gTk9UIENIQU5HRSBDT0RFIEFCT1ZFIFRISVMgTElORSA9PT09PT09PT09PT09PT09PT09PT09PT09XG5cbiMgUGFzc3dvcmRDb21wYXJlLm9wdGlvbl9vbmUoXCJ1c2Vyc19wYXNzd29yZFwiLCBtZDVfaGFzaClcbiMgUGFzc3dvcmRDb21wYXJlLm9wdGlvbl90d28oXCJ1c2Vyc19wYXNzd29yZFwiLCBiY3J5cHRfc2FsdGVkX2hhc2gpIn0","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
+<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjT1dBU1A6MVxuZGVmbW9kdWxlIFBhc3N3b3JkQ29tcGFyZSBkb1xuICBkZWYgb3B0aW9uX29uZShwYXNzd29yZCwgbWQ1X2hhc2gpIGRvXG4gICAgY2FzZSA6Y3J5cHRvLmhhc2goOm1kNSwgcGFzc3dvcmQpID09IG1kNV9oYXNoIGRvXG4gICAgICB0cnVlIC0+IDplbnRyeV9ncmFudGVkX29wMVxuICAgICAgZmFsc2UgLT4gOmVudHJ5X2RlbmllZF9vcDFcbiAgICBlbmRcbiAgZW5kXG5cbiAgZGVmIG9wdGlvbl90d28ocGFzc3dvcmQsIGJjcnlwdF9zYWx0ZWRfaGFzaCkgZG9cbiAgICBjYXNlIEJjcnlwdC52ZXJpZnlfcGFzcyhwYXNzd29yZCwgYmNyeXB0X3NhbHRlZF9oYXNoKSBkb1xuICAgICAgdHJ1ZSAtPiA6ZW50cnlfZ3JhbnRlZF9vcDJcbiAgICAgIGZhbHNlIC0+IDplbnRyeV9kZW5pZWRfb3AyXG4gICAgZW5kXG4gIGVuZFxuZW5kXG5cbiMgRE8gTk9UIENIQU5HRSBDT0RFIEFCT1ZFIFRISVMgTElORSA9PT09PT09PT09PT09PT09PT09PT09PT09XG5cbiMgUGFzc3dvcmRDb21wYXJlLm9wdGlvbl9vbmUoXCJ1c2Vyc19wYXNzd29yZFwiLCBtZDVfaGFzaClcblBhc3N3b3JkQ29tcGFyZS5vcHRpb25fdHdvKFwidXNlcnNfcGFzc3dvcmRcIiwgYmNyeXB0X3NhbHRlZF9oYXNoKSJ9","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
 
 ```elixir
 result =
-  defmodule PasswordCompare do
-    def option_one(password, md5_hash) do
-      case :crypto.hash(:md5, password) == md5_hash do
-        true -> :entry_granted_op1
-        false -> :entry_denied_op1
+  (
+    defmodule PasswordCompare do
+      def option_one(password, md5_hash) do
+        case :crypto.hash(:md5, password) == md5_hash do
+          true -> :entry_granted_op1
+          false -> :entry_denied_op1
+        end
       end
-    end
 
-    def option_two(password, bcrypt_salted_hash) do
-      case Bcrypt.verify_pass(password, bcrypt_salted_hash) do
-        true -> :entry_granted_op2
-        false -> :entry_denied_op2
+      def option_two(password, bcrypt_salted_hash) do
+        case Bcrypt.verify_pass(password, bcrypt_salted_hash) do
+          true -> :entry_granted_op2
+          false -> :entry_denied_op2
+        end
       end
     end
-  end
+
+    PasswordCompare.option_two("users_password", bcrypt_salted_hash)
+  )
 
 case GradingClient.check_answer(OWASP, 1, result) do
   :correct ->

diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd
@@ -47,10 +47,10 @@ A very easy way to prevent secrets being added to files is to access them via En
 
 _Use `System.get_env/1` on line 2._
 
-<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIFNETEM6MVxuc3VwZXJfc2VjcmV0X3Bhc3N3b3JkID0gXCJwQHNzdzByZFwiIn0","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
+<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIFNETEM6MVxuc3VwZXJfc2VjcmV0X3Bhc3N3b3JkID0gU3lzdGVtLmdldF9lbnYoXCJlbnZhcl9zZWNyZXRcIikifQ","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
 
 ```elixir
-result = super_secret_password = "p@ssw0rd"
+result = super_secret_password = System.get_env("envar_secret")
 
 case GradingClient.check_answer(SDLC, 1, result) do
   :correct ->

diff --git a/modules/5-elixir.livemd b/modules/5-elixir.livemd
@@ -50,15 +50,15 @@ Beware of functions in applications/libraries that create atoms from input value
 
 _You should get a `true` result when you successfully fix the function._
 
-<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIEVMSVhJUl9TRUNVUklUWToxXG5tYWxpY2lvdXNfdXNlcl9pbnB1dCA9IFVVSUQudXVpZDQoKVxuXG50cnkgZG9cbiAgbWFsaWNpb3VzX3VzZXJfaW5wdXRcbiAgIyBPTkxZIENIQU5HRSBORVhUIExJTkVcbiAgfD4gU3RyaW5nLnRvX2F0b20oKVxucmVzY3VlXG4gIGUgLT4gZVxuZW5kIn0","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
+<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIEVMSVhJUl9TRUNVUklUWToxXG5tYWxpY2lvdXNfdXNlcl9pbnB1dCA9IFVVSUQudXVpZDQoKVxuXG50cnkgZG9cbiAgbWFsaWNpb3VzX3VzZXJfaW5wdXRcbiAgIyBPTkxZIENIQU5HRSBORVhUIExJTkVcbiAgfD4gU3RyaW5nLnRvX2V4aXN0aW5nX2F0b20oKVxucmVzY3VlXG4gIGUgLT4gZVxuZW5kIn0","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
 
 ```elixir
 result =
   (
     malicious_user_input = UUID.uuid4()
 
     try do
-      malicious_user_input |> String.to_atom()
+      malicious_user_input |> String.to_existing_atom()
     rescue
       e -> e
     end
@@ -117,7 +117,7 @@ name = Kino.Input.text("What's your name?")
 
 ```elixir
 textfield_value = Kino.Input.read(name)
-{result, binding} = Code.eval_string("a", a: textfield_value)
+{result, binding} = Code.eval_string("a", a: textfield_value, )
 "Hello, " <> result
 ```
 
@@ -181,7 +181,7 @@ user_input = "HASH_OF_asdfasdf"
 Benchwarmer.benchmark(fn -> Susceptible.compare(user_input, password) end)
 Benchwarmer.benchmark(fn -> Constant.compare(user_input, password) end)
 
-# IO.puts(:comparison_ran)
+IO.puts(:comparison_ran)
 ```
 
 ## Boolean Coercion
@@ -213,7 +213,7 @@ The latter will raise a `BadBooleanError` when the function returns `:ok` or `{:
 
 _Uncomment the if statement that uses the correct boolean comparison._
 
-<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIEVMSVhJUl9TRUNVUklUWToyXG5cbmRlZm1vZHVsZSBTZWN1cml0eUNoZWNrIGRvXG4gIGRlZiB2YWxpZGF0ZShpbnB1dCwgcGFzc3dvcmRfaGFzaCkgZG9cbiAgICBjYXNlIFBsdWcuQ3J5cHRvLnNlY3VyZV9jb21wYXJlKGlucHV0LCBwYXNzd29yZF9oYXNoKSBkb1xuICAgICAgdHJ1ZSAtPiA6b2tcbiAgICAgIGZhbHNlIC0+IDphY2Nlc3NfZGVuaWVkXG4gICAgZW5kXG4gIGVuZFxuXG4gIGRlZmV4Y2VwdGlvbiBtZXNzYWdlOiBcIlRoZXJlIHdhcyBhbiBpc3N1ZVwiXG5lbmRcblxucGFzc3dvcmQgPSBcInNvbWVfc2VjdXJlX3Bhc3N3b3JkX2hhc2hcIlxudXNlcl9pbnB1dCA9IFwic29tZV9zdHJpbmdfd2hpY2hfb2J2aW91c2x5X2lzbnRfdGhlX3NhbWVfYXNfdGhlX3Bhc3N3b3JkXCJcbjpva1xuIyBETyBOT1QgRURJVCBBTlkgQ09ERSBBQk9WRSBUSElTIExJTkUgPT09PT09PT09PT09PT09PT09PT09XG5cbnRyeSBkb1xuIyBpZiBTZWN1cml0eUNoZWNrLnZhbGlkYXRlKHVzZXJfaW5wdXQsIHBhc3N3b3JkKSBvciByYWlzZShTZWN1cml0eUNoZWNrKSBkbyA6eW91X2xldF9hX2JhZGRpZV9pbiBlbmRcbiMgaWYgU2VjdXJpdHlDaGVjay52YWxpZGF0ZSh1c2VyX2lucHV0LCBwYXNzd29yZCkgfHwgcmFpc2UoU2VjdXJpdHlDaGVjaykgZG8gOnlvdV9sZXRfYV9iYWRkaWVfaW4gZW5kXG5yZXNjdWVcbiAgZSAtPiBlXG5lbmQifQ","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
+<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIEVMSVhJUl9TRUNVUklUWToyXG5cbmRlZm1vZHVsZSBTZWN1cml0eUNoZWNrIGRvXG4gIGRlZiB2YWxpZGF0ZShpbnB1dCwgcGFzc3dvcmRfaGFzaCkgZG9cbiAgICBjYXNlIFBsdWcuQ3J5cHRvLnNlY3VyZV9jb21wYXJlKGlucHV0LCBwYXNzd29yZF9oYXNoKSBkb1xuICAgICAgdHJ1ZSAtPiA6b2tcbiAgICAgIGZhbHNlIC0+IDphY2Nlc3NfZGVuaWVkXG4gICAgZW5kXG4gIGVuZFxuXG4gIGRlZmV4Y2VwdGlvbiBtZXNzYWdlOiBcIlRoZXJlIHdhcyBhbiBpc3N1ZVwiXG5lbmRcblxucGFzc3dvcmQgPSBcInNvbWVfc2VjdXJlX3Bhc3N3b3JkX2hhc2hcIlxudXNlcl9pbnB1dCA9IFwic29tZV9zdHJpbmdfd2hpY2hfb2J2aW91c2x5X2lzbnRfdGhlX3NhbWVfYXNfdGhlX3Bhc3N3b3JkXCJcbjpva1xuIyBETyBOT1QgRURJVCBBTlkgQ09ERSBBQk9WRSBUSElTIExJTkUgPT09PT09PT09PT09PT09PT09PT09XG5cbnRyeSBkb1xuaWYgU2VjdXJpdHlDaGVjay52YWxpZGF0ZSh1c2VyX2lucHV0LCBwYXNzd29yZCkgb3IgcmFpc2UoU2VjdXJpdHlDaGVjaykgZG8gOnlvdV9sZXRfYV9iYWRkaWVfaW4gZW5kXG4jIGlmIFNlY3VyaXR5Q2hlY2sudmFsaWRhdGUodXNlcl9pbnB1dCwgcGFzc3dvcmQpIHx8IHJhaXNlKFNlY3VyaXR5Q2hlY2spIGRvIDp5b3VfbGV0X2FfYmFkZGllX2luIGVuZFxucmVzY3VlXG4gIGUgLT4gZVxuZW5kIn0","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
 
 ```elixir
 result =
@@ -234,6 +234,9 @@ result =
     :ok
 
     try do
+      if SecurityCheck.validate(user_input, password) or raise(SecurityCheck) do
+        :you_let_a_baddie_in
+      end
     rescue
       e -> e
     end
@@ -304,12 +307,12 @@ This prevents the table from being read by other processes, such as remote shell
 
 **We have decided that we do not want this ETS table to be read from other processes, so try making it private:**
 
-<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIEVMSVhJUl9TRUNVUklUWTozXG5cbiMgT05MWSBFRElUIFRISVMgTElORVxuc2VjcmV0X3RhYmxlID0gOmV0cy5uZXcoOnNlY3JldF90YWJsZSwgWzpwdWJsaWNdKVxuOmV0cy5pbmZvKHNlY3JldF90YWJsZSlbOnByb3RlY3Rpb25dIn0","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
+<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIEVMSVhJUl9TRUNVUklUWTozXG5cbiMgT05MWSBFRElUIFRISVMgTElORVxuc2VjcmV0X3RhYmxlID0gOmV0cy5uZXcoOnNlY3JldF90YWJsZSwgWzpwcml2YXRlXSlcbjpldHMuaW5mbyhzZWNyZXRfdGFibGUpWzpwcm90ZWN0aW9uXSJ9","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
 
 ```elixir
 result =
   (
-    secret_table = :ets.new(:secret_table, [:public])
+    secret_table = :ets.new(:secret_table, [:private])
     :ets.info(secret_table)[:protection]
   )
 

diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd
@@ -181,12 +181,23 @@ In the Phoenix Framework, you would use functionality found within the [Plug lib
 
 _Fill out the `put_resp_cookie/4` function arguments with the settings outlined in the previous section, no other code changes should be necessary._
 
-<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIENPT0tJRV9TRUNVUklUWToxIFxuXG5jb29raWVfbmFtZSA9IFwiQ0hBTkdFX01FXCJcblxuIyBVbmNvbW1lbnQgYW5kIGNoYW5nZSB0aGUgcHV0X3Jlc3BfY29va2llIGNhbGwgYmVsb3dcbiMgY29ubiA9XG4jICAgUGx1Zy5Db25uLnB1dF9yZXNwX2Nvb2tpZShcbiMgICAgIGNvbm4sXG4jICAgICBjb29raWVfbmFtZSxcbiMgICAgIDw8MDo6OCwgNDI6Ojg+PixcbiMgICAgIGRvbWFpbjogLi4uLFxuIyAgICAgcGF0aDogLi4uLFxuIyAgICAgc2VjdXJlOiAuLi4sXG4jICAgICBodHRwX29ubHk6IC4uLixcbiMgICAgIHNhbWVfc2l0ZTogLi4uXG4jICAgKVxuXG5jb29raWUgPSBcbiAgY29ublxuICB8PiBQbHVnLkNvbm4uZmV0Y2hfY29va2llcygpXG4gIHw+IFBsdWcuQ29ubi5nZXRfcmVzcF9jb29raWVzKClcbiAgfD4gTWFwLmZldGNoIShjb29raWVfbmFtZSlcblxue2Nvb2tpZSwgYmluYXJ5X3BhcnQoY29va2llX25hbWUsIDAsIDYpfSJ9","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
+<!-- livebook:{"attrs":"eyJzb3VyY2UiOiIjIENPT0tJRV9TRUNVUklUWToxIFxuXG5jb29raWVfbmFtZSA9IFwiX19Ib3N0LXBlcmZlY3RfY29va2llXCJcblxuIyBVbmNvbW1lbnQgYW5kIGNoYW5nZSB0aGUgcHV0X3Jlc3BfY29va2llIGNhbGwgYmVsb3dcbmNvbm4gPVxuICBQbHVnLkNvbm4ucHV0X3Jlc3BfY29va2llKFxuICAgIGNvbm4sXG4gICAgY29va2llX25hbWUsXG4gICAgPDwwOjo4LCA0Mjo6OD4+LFxuICAgIHBhdGg6IFwiL1wiLFxuICAgIHNlY3VyZTogdHJ1ZSxcbiAgICBodHRwX29ubHk6IHRydWUsXG4gICAgc2FtZV9zaXRlOiBcIlN0cmljdFwiLFxuICApXG5cbmNvb2tpZSA9IFxuICBjb25uXG4gIHw+IFBsdWcuQ29ubi5mZXRjaF9jb29raWVzKClcbiAgfD4gUGx1Zy5Db25uLmdldF9yZXNwX2Nvb2tpZXMoKVxuICB8PiBNYXAuZmV0Y2ghKGNvb2tpZV9uYW1lKVxuXG57Y29va2llLCBiaW5hcnlfcGFydChjb29raWVfbmFtZSwgMCwgNil9In0","chunks":null,"kind":"Elixir.GradingClient.GradedCell","livebook_object":"smart_cell"} -->
 
 ```elixir
 result =
   (
-    cookie_name = "CHANGE_ME"
+    cookie_name = "__Host-perfect_cookie"
+
+    conn =
+      Plug.Conn.put_resp_cookie(
+        conn,
+        cookie_name,
+        <<0::8, 42::8>>,
+        path: "/",
+        secure: true,
+        http_only: true,
+        same_site: "Strict"
+      )
 
     cookie =
       conn