7. SQL injection
What is SQL injection (SQLi)? SQLi is a web security vulnerability that allows an attacker to interfere with the queries that an app makes to its database. In many cases, an attacker can not just ...
What is OS command injection? OS command injection, aka shell injection, allows an attacker to execute OS commands on the server that is running the app. This can be leveraged to compromise other ...
What are file upload vulnerabilities? File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type,...
CSRF vs. SSRF A Cross-Site Request Forgery (or CSRF) attack targets the user to execute malicious requests on behalf of the attacker. On the other hand, a Server-Side Request Forgery attack primar...
Objective: This lab has an admin panel at /admin. It’s only accessible to logged-in users with a roleid of 2. Solve the lab by accessing the admin panel and using it to delete the user carlos. Y...
Authentication vulnerabilities Authentication vulnerabilities can allow attackers to gain access to sensitive data and functionality as well as expand their attack surface. As a reminder, authent...
What is access control? Access control is the application of constraints on who or what is authorized to perform actions or access resources. This is dependent on authentication (the user is who t...
Path traversal A path traversal, aka directory traversal or dot-dot-slash, vulnerability enables the attacker to access (read or write) arbitrary files on the application server. Let’s say that a shopping ...
Information How to install dvwa on Kali. Official GitHub repository. The DVWA server itself contains instructions about almost everything. Damn Vulnerable Web Application (DVWA) is a P...