A short exercise to use the browser developer tools to discover known vulnerabilities in an application.
Explore Insecure Direct Object Reference (IDOR) through this fun activity around accessing the secrets of a tester. These techniques may also be called URL manipulation and you're coming up with test cases for a URL.
Explore how we can use browser developer tools to by pass client side validation. In this exercise you will be filling out an event registration but sending invalid values to find flags.
Explore Cross Site Scripting (XSS) through creating and modifying a profile.
Find hidden treasures by using SQL injection in this helpful site for sea dogs.
Less deep than the usual activities, the Playground lets you play about with URL manipulation, validation, XSS and SQL injection in as open way as I was comfortable risking...
Get guided instructions to complete 10 challenges across a range of topics.
In this activity you have a mission to complete. The Tea Virus is set to be unleashed upon the world and must be stopped. Another agents has implemented an exploit but you must trigger it.
Try to find 10 security defects hidden within a basic message posting application.