Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
Cross-Site WebSocket Hijacking This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information	< 1 Hr.	1116	PRO
JWT XII JWT This exercise covers how to use the x5u header to bypass an authentication based on JWT.	1-2 Hr.	702	PRO
Cross-Origin Resource Sharing II This exercise covers Cross-Origin Resource Sharing and how it can be used to get access to sensitive data.	< 1 Hr.	1067	PRO
JWT XI JWT This exercise covers how to use the jku header to bypass an authentication based on JWT.	1-2 Hr.	695	PRO
cve-2019-5420 II This exercise details the exploitation of CVE-2019-5420 to gain code execution	1-2 Hr.	577	PRO
OAuth2: Client OpenRedirect This exercise covers the exploitation of an OpenRedirect in an OAuth2 Client	< 1 Hr.	849	PRO
CVE-2019-5420 This exercise details the exploitation of CVE-2019-5420 to forge a session as another user	2-4 Hr.	930	PRO
JWT X JWT This exercise covers how to use the jku header to bypass an authentication based on JWT.	< 1 Hr.	790	PRO
GraphQL: SQL Injection This exercise covers how to use introspection and a SQL injection to get access to additional information in GraphQL.	1-2 Hr.	1501	PRO
OAuth2: Authorization Server OpenRedirect This exercise covers the exploitation of an OpenRedirect in an OAuth2 Authorization Server	< 1 Hr.	961	PRO
JWT IX JWT This exercise covers how to use the jku header to bypass an authentication based on JWT.	< 1 Hr.	918	PRO
Gogs RCE II This exercise covers how to get code execution against the Git self hosted tool: Gogs.	< 1 Hr.	616	PRO
JWT VIII JWT This exercise covers how to use the jku header to bypass an authentication based on JWT.	1-2 Hr.	995	PRO
SAML: Signature Stripping This exercise covers the exploitation of a signature stripping vulnerability in SAML	< 1 Hr.	2137	PRO
GraphQL Introspection This exercise covers how to use introspection to get access to additional information in GraphQL.	< 1 Hr.	2448	PRO
Gogs RCE This exercise covers how to get code execution against the Git self hosted tool: Gogs.	1-2 Hr.	689	PRO
Android 07 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	1-2 Hr.	1493	PRO
Android 06 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	< 1 Hr.	1743	PRO
Android 08 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	1-2 Hr.	1416	PRO
Android 05 This exercise will guide you through the process of reversing a simple obfuscated Android code to recover the encrypted data	1-2 Hr.	2046	PRO
PCAP 26 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6178	PRO
PCAP 27 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6123	PRO
PCAP 28 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6094	PRO
PCAP 29 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6077	PRO
PCAP 30 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6045	PRO
PCAP 31 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	6019	PRO
PCAP 32 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5939	PRO
PCAP 33 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5830	PRO
PCAP 34 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5899	PRO
PCAP 35 This exercise is one of our challenges to help you learn how to analyze PCAP files	< 1 Hr.	5984	PRO

‹ 1 … 15 16 17 18 19 20 21 … 25 ›

Showing 511–540 of 734 exercises