Phishing involves tricking a target into submitting their ID, password, or payment card data to an attacker. Login credentials for online banking, webmail, or e-commerce sites are among the potential ...

Ransomware attacks have experienced a resurgence, with recent attacks focused on international healthcare, local government, and education sectors, in particular. A ransomware cyber-attack occurs when ...

Best for pentesters and hands-on security professionals. Free up testing time with scalable, automated scanning Automated DAST scanning without limits. Free up testing time with trusted Burp ...

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then ...

In this section, we'll explain dangling markup injection, how a typical exploit works, and how to prevent dangling markup attacks. Dangling markup injection is a technique for capturing data ...

In this section, we'll describe various ways in which HTTP request smuggling vulnerabilities can be exploited, depending on the intended functionality and other behavior of the application. In some ...

In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...

This lab contains a path traversal vulnerability in the display of product images. The application blocks input containing path traversal sequences. It then performs a URL-decode of the input before ...

This lab is vulnerable due to a logic flaw in its brute-force protection. To solve the lab, brute-force Carlos's password, then access his account page.

This page requires JavaScript for an enhanced user experience.

This lab implements access controls based partly on the HTTP method of requests. You can familiarize yourself with the admin panel by logging in using the credentials ...

Launching labs may take some time, please hold on while we build your environment. Practise exploiting vulnerabilities on realistic targets. Record your progression from Apprentice to Expert. See ...