Best for pentesters and hands-on security professionals. Free up testing time with scalable, automated scanning Automated DAST scanning without limits. Free up testing time with trusted Burp ...

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data ...

Ransomware attacks have experienced a resurgence, with recent attacks focused on international healthcare, local government, and education sectors, in particular. A ransomware cyber-attack occurs when ...

Phishing involves tricking a target into submitting their ID, password, or payment card data to an attacker. Login credentials for online banking, webmail, or e-commerce sites are among the potential ...

In this section, we'll describe client-side JSON injection as related to the DOM, look at how damaging such an attack could be, and suggest ways to reduce your exposure to this kind of vulnerability.

This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http ...

In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...

This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response. A script on ...

In this section, we'll describe various ways in which HTTP request smuggling vulnerabilities can be exploited, depending on the intended functionality and other behavior of the application. In some ...

A zero-day (0day) vulnerability refers to a security vulnerability for which no mitigation or patch is available at the time it is disclosed or made public. Existing software patches are unable to ...

It is common to see customized client-side input validation implemented within scripts. Client-side controls of this kind are usually easy to circumvent; it is possible to enter a benign value into ...

For websites that adopt a password-based login process, users either register for an account themselves or they are assigned an account by an administrator. This account is associated with a unique ...