Penetration Testing, Security Code Review and Web App Security Exercises

Free PRO CVE Easy Medium Hard XSS Code Review API SSRF HTTP RECON CSRF SQLi

Exercise	Avg. Time	Solved by	Tier
Web Fundamentals: API	--	5	PRO
API Mass-Assignment 03	< 1 Hr.	432	PRO
API Mass-Assignment 01	< 1 Hr.	491	PRO
API Mass-Assignment 02	< 1 Hr.	463	PRO
API JWT REVOCATION JWT This exercise covers how to bypass a weak JWT Revocation Mechanism.	< 1 Hr.	476	PRO
API 20 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	525	PRO
API 19 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	543	PRO
API 18 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	556	PRO
API 17 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	468	PRO
API 16 This exercise covers how to exploit an authorization issue in an API.	< 1 Hr.	559	PRO
API 15 This exercise covers how to exploit a leaked encrypted password with an API.	< 1 Hr.	632	PRO
API 14 This exercise covers how to exploit a leaked encrypted password with an API.	< 1 Hr.	721	PRO
API 13 This exercise covers a complex filter bypass in API.	< 1 Hr.	693	PRO
API 12 This exercise covers a common filter bypass in API.	< 1 Hr.	769	PRO
API 11 This exercise covers a common filter bypass in API.	< 1 Hr.	810	PRO
API 10 This exercise covers a common filter bypass in API.	< 1 Hr.	880	PRO
API 09 This exercise covers how one can inspect HTTP responses to identify information leaks.	< 1 Hr.	1015	PRO
API Payments 07 This exercise covers a way to manipulate a shopping cart to lower the total amount	< 1 Hr.	990	PRO
API Payments 06 This exercise covers a simple payments bypass.	< 1 Hr.	1023	PRO
API Payments 05 This exercise covers how to abuse a shopping cart allowing users to apply a voucher.	< 1 Hr.	928	PRO
API Payments 04 This exercise covers how to abuse a shopping cart allowing users to apply a voucher..	< 1 Hr.	1241	PRO
API Payments 03 This exercise covers a simple payments bypass.	< 1 Hr.	1350	PRO
API Payments 02 This exercise covers a simple payments bypass.	< 1 Hr.	1515	PRO
API Payments 01 API This exercise covers a simple payments bypass.	< 1 Hr.	2015	PRO
API 08 This exercise covers how one can inspect HTTP responses to identify information leaks.	< 1 Hr.	1819	PRO
API 07 API Angular This exercise covers how one can inspect JavaScript code to identify information leak.	< 1 Hr.	1913	PRO
API 06 API Angular This exercise covers how one can inspect JavaScript code to identify unused endpoints.	< 1 Hr.	2044	PRO
API 05 API Angular This exercise covers how one can inspect JavaScript code to identify unused endpoints.	< 1 Hr.	2360	PRO
API 04 API Angular This exercise covers how one can inspect JavaScript code to identify unused endpoints.	< 1 Hr.	2551	PRO
API 03 API This exercise is the API version of an exercise you already solved in another badge. You should use it to get more confident with discovering vulnerabilities without any hint on what to look for.	< 1 Hr.	2517	PRO

‹ 1 2 ›

Showing 1–30 of 33 exercises