Select a lab to learn and practice real-world web vulnerabilities. Each module includes theory and a hands-on challenge.
OWASP Top 10 2025
- A01:2025 Broken Access Control IDOR – Insecure Direct Object References Lab
- A02:2025 Security Misconfiguration Default configs, verbose errors, unnecessary features Coming soon
- A03:2025 Software Supply Chain Failures Vulnerable dependencies, untrusted sources Coming soon
- A04:2025 Cryptographic Failures Weak crypto, sensitive data in transit/at rest Coming soon
- A05:2025 Injection (SQLi) SQL Injection lab Lab
- A05:2025 Injection (XSS) Cross-Site Scripting lab Lab
- A06:2025 Insecure Design Missing threat modeling, flawed business logic Coming soon
- A07:2025 Authentication Failures Insecure auth, session issues, credential handling Lab
- A08:2025 Software or Data Integrity Failures Unsigned updates, insecure deserialization, CI/CD Coming soon
- A09:2025 Security Logging & Alerting Failures Missing or insufficient logging and monitoring Coming soon
- A10:2025 Mishandling of Exceptional Conditions Improper error handling, stack traces, edge cases Coming soon
- A02 / Info Sensitive Information Disclosure Hardcoded secrets, exposed data in client/server Lab