The traditional way to prove that you've found a cross-site scripting vulnerability is to create a popup using the alert() function. This isn't because XSS has ...

While browsing the web, you've almost certainly come across sites that let you log in using your social media account. The chances are that this feature is built using the popular OAuth 2.0 framework.

This lab involves a front-end and back-end server, and the front-end server doesn't support chunked encoding. There's an admin panel at /admin, but the front-end server blocks access to it. To solve ...

This lab contains a path traversal vulnerability in the display of product images. The application transmits the full file path via a request parameter, and validates that the supplied path starts ...

Launching labs may take some time, please hold on while we build your environment. Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See ...

If scandals such as the 2018 Facebook breach have taught us anything, it’s that we don’t have full control of our personal data. As we increasingly live our lives online, we leave a digital footprint ...

When testing web applications, you may encounter challenges relating to session handling and application state. For example: The application may terminate the testing session, either defensively or ...