Security Challenges
Select a category below to explore security vulnerabilities based on the OWASP Top 10. Each challenge teaches you about real-world security issues and how to exploit (and prevent) them.
Injection
A03:2021SQL, NoSQL, OS, and LDAP injection. Learn how untrusted data sent to an interpreter can execute unintended commands.
2 challenges available
Cross-Site Scripting (XSS)
A03:2021Reflected, stored, and DOM-based XSS. Discover how attackers can inject malicious scripts into web pages.
3 challenges available
Broken Authentication
A07:2021Session hijacking, weak passwords, credential stuffing. Understand authentication vulnerabilities.
3 challenges available
Broken Access Control
A01:2021IDOR, privilege escalation, path traversal. Learn how access controls can be bypassed to access unauthorized data.
3 challenges available
Sensitive Data Exposure
A02:2021Find exposed credentials, debug endpoints, and sensitive data leaks. Learn about cryptographic failures.
3 challenges available
Security Misconfiguration
A05:2021Default credentials, verbose errors, unnecessary features. Identify common security misconfigurations.
3 challenges available
XML External Entities (XXE)
A05:2021XML entity injection attacks. Learn how poorly configured XML parsers can lead to data exposure and SSRF.
3 challenges available