In this section, we'll explain what content security policy is, and describe how CSP can be used to mitigate against some common attacks. CSP is a browser security mechanism that aims to mitigate XSS ...
In this example, a shopping application lets the user view whether an item is in stock in a particular store. This information is accessed via a URL: https://insecure ...
In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...
Web servers can be configured to automatically list the contents of directories that do not have an index page present. This can aid an attacker by enabling them to quickly identify the resources at a ...
In this section, we'll look at how web messages can be used as a source to exploit DOM-based vulnerabilities on the recipient page. We'll also describe how such an attack is constructed, including how ...
This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos's account page.
If you’re looking for cross-site scripting attack news, The Daily Swig has all bases covered. Cross-site scripting (XSS) is a major attack vector in the web security sphere. While news about XSS ...
In this section, we'll describe various ways in which HTTP request smuggling vulnerabilities can be exploited, depending on the intended functionality and other behavior of the application. In some ...
Phishing campaigns and cybersecurity attacks via email are still two of the biggest threats facing computer users, even 20 years after they first surfaced. The latest email phishing scams can be ...