Skelvorad
Live security webinars, worldwide

Skelvorad — Technology

Stack behind web security education

Every tool and protocol used in Skelvorad webinars is chosen for how well it holds up under real attack conditions — not for how well it looks in a feature list.

Web application security infrastructure overview
14
Security domains covered across live sessions
6
Core platform layers in the delivery stack
4.6
Average rating across 52 participant reviews
38
Distinct tools demonstrated in practicals

Sessions run on infrastructure that mirrors production environments — participants see the same conditions an attacker would encounter.

How the platform is assembled

Skelvorad does not use generic webinar software. Each component was selected or configured specifically for security-focused instruction — where demonstrating a vulnerability live, without breaking the session, is a hard requirement.

01
Broadcast layer

Isolated streaming environment

Live sessions run through a containerised broadcast stack that separates the presenter's demonstration environment from the delivery channel. When an instructor runs a SQL injection or SSRF demonstration, the exploit executes inside a sandboxed network segment — visible to participants through a mirrored stream, but fully isolated from any external system. Latency is kept below 900ms to keep real-time tool output readable.

WebRTC RTMP ingest Docker isolation Adaptive bitrate
02
Lab infrastructure

Participant-accessible practice targets

Each webinar includes a set of intentionally vulnerable applications deployed per-participant — not shared instances. Participants get their own OWASP WebGoat, DVWA, or custom-built targets depending on the session topic. Lab environments spin up automatically at session start and are destroyed at close. No persistent state means no cross-contamination between participants and no residual exposure after the session ends.

Kubernetes OWASP WebGoat DVWA Ephemeral VMs VPN tunnels
03
Tooling coverage

Instruments shown in practicals

Sessions do not introduce tools abstractly. Burp Suite interception, Nmap service enumeration, Nikto scanning, and Metasploit module usage are demonstrated against live lab targets during the session. Instructors walk through output interpretation line by line. Participants can replicate every step in their own lab instance simultaneously, which is why the per-participant isolation in the previous layer matters.

Burp Suite Nmap Nikto Metasploit Wireshark ZAP
04
Session integrity

Recording, access control, and audit

All sessions are recorded at the stream level with chapter markers generated from the instructor's slide transitions. Access is controlled through time-limited signed tokens — no public links, no shared credentials. Participant activity inside lab environments is logged for post-session review, which helps instructors identify where participants got stuck and adjust the next session accordingly.

Signed tokens AES-256 storage Activity logs Chapter markers

Why the stack is not static

Web application attack surface shifts as frameworks evolve. A session on JWT misconfiguration delivered in early 2024 required different tooling than one addressing the same topic after algorithm confusion vulnerabilities became more widely exploited. Skelvorad updates lab configurations and tooling selections between session cycles — not on a fixed calendar, but when the threat landscape warrants it. Participants who attend repeat sessions on similar topics will encounter different lab scenarios.

~8 wks
Average lab refresh cycle
TLS 1.3
Minimum transport standard
CVE-tracked
Vulnerability scenario sourcing
Standards alignment

Content maps to OWASP Top 10, NIST SP 800-115, and CWE classifications. Participants can cross-reference session material against published frameworks without translation.

Accessibility of tooling

Every tool demonstrated has a free or community edition. Participants are not required to purchase commercial licences to follow along or practice independently after the session.

Instructor Daryna Omelchenko, web security specialist at Skelvorad

"Choosing a tool for a live session is different from choosing one for a pentest report. It has to be explainable step by step, produce output that reads clearly on a shared screen, and fail gracefully when something unexpected happens in the lab."

Daryna Omelchenko
Lead Instructor, Web Application Security — Skelvorad