Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
Web Fundamentals: API	--	12	PRO
API Mass-Assignment 03	< 1 Hr.	435	PRO
API Mass-Assignment 01	< 1 Hr.	493	PRO
API Mass-Assignment 02	< 1 Hr.	466	PRO
API JWT REVOCATION JWT This exercise covers how to bypass a weak JWT Revocation Mechanism.	< 1 Hr.	477	PRO
API 20 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	527	PRO
API 19 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	545	PRO
API 18 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	557	PRO
API 17 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	471	PRO
API 16 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	562	PRO
API 15 This exercise covers how to exploit a leaked encrypted password with an API.	< 1 Hr.	633	PRO
API 14 This exercise covers how to exploit a leaked encrypted password with an API.	< 1 Hr.	722	PRO
API 13 This exercise covers a complex filter bypass in API.	< 1 Hr.	694	PRO
API 12 This exercise covers a common filter bypass in API.	< 1 Hr.	770	PRO
API 11 This exercise covers a common filter bypass in API.	< 1 Hr.	812	PRO
API 10 This exercise covers a common filter bypass in API.	< 1 Hr.	880	PRO
API 09 This exercise covers how one can inspect HTTP responses to identify information leaks.	< 1 Hr.	1015	PRO
API Payments 07 This exercise covers a way to manipulate a shopping cart to lower the total amount	< 1 Hr.	993	PRO
API Payments 06 This exercise covers a simple payments bypass.	< 1 Hr.	1026	PRO
API Payments 05 This exercise covers how to abuse a shopping cart allowing users to apply a voucher.	< 1 Hr.	931	PRO
API Payments 04 This exercise covers how to abuse a shopping cart allowing users to apply a voucher..	< 1 Hr.	1243	PRO
API Payments 03 This exercise covers a simple payments bypass.	< 1 Hr.	1352	PRO
API Payments 02 This exercise covers a simple payments bypass.	< 1 Hr.	1517	PRO
API Payments 01 API This exercise covers a simple payments bypass.	< 1 Hr.	2016	PRO
API 08 This exercise covers how one can inspect HTTP responses to identify information leaks.	< 1 Hr.	1820	PRO
API 07 API Angular This exercise covers how one can inspect JavaScript code to identify information leak.	< 1 Hr.	1915	PRO
API 06 API Angular This exercise covers how one can inspect JavaScript code to identify unused endpoints.	< 1 Hr.	2046	PRO
API 05 API Angular This exercise covers how one can inspect JavaScript code to identify unused endpoints.	< 1 Hr.	2362	PRO
API 04 API Angular This exercise covers how one can inspect JavaScript code to identify unused endpoints.	< 1 Hr.	2553	PRO
API 03 API This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.	< 1 Hr.	2519	PRO

‹ 1 2 ›

Showing 1–30 of 33 exercises