1. Web Security Academy
  2. All labs

All labs

SQL injection

Cross-site scripting

Cross-site request forgery (CSRF)

Clickjacking

DOM-based vulnerabilities

Cross-origin resource sharing (CORS)

XML external entity (XXE) injection

Server-side request forgery (SSRF)

HTTP request smuggling

OS command injection

Server-side template injection

Directory traversal

Access control vulnerabilities

Authentication

WebSockets

Web cache poisoning

Insecure deserialization

Information disclosure