Browser security is a huge concern for both individuals and organizations. Common vulnerabilities, including insecure websites and malicious browser extensions, can impact any network, regardless of ...

In this section, we'll look at some of the vulnerabilities that can occur in multi-factor authentication mechanisms. We've also provided several interactive labs to demonstrate how you can exploit ...

DOM clobbering is a technique in which you inject HTML into a page to manipulate the DOM and ultimately change the behavior of JavaScript on the page. DOM clobbering is particularly useful in cases ...

To prevent the Academy platform being used to attack third parties, our firewall blocks interactions between the labs and arbitrary external systems. To solve the lab, you must use the provided ...

This lab involves a front-end and back-end server, and the front-end server doesn't support chunked encoding. The front-end server rejects requests that aren't using the GET or POST method. To solve ...

In this section, we'll describe client-side JSON injection as related to the DOM, look at how damaging such an attack could be, and suggest ways to reduce your exposure to this kind of vulnerability.

In this section, we'll describe various ways in which HTTP request smuggling vulnerabilities can be exploited, depending on the intended functionality and other behavior of the application. In some ...

This lab contains a path traversal vulnerability in the display of product images. The application blocks input containing path traversal sequences. It then performs a URL-decode of the input before ...

This section describes how to generate Standard and Compliance reports. You can send scan summary reports automatically, by email.

This lab demonstrates DOM-based client-side cookie manipulation. To solve this lab, inject a cookie that will cause XSS on a different page and call the print() function. You will need to use the ...

This website has an unauthenticated admin panel at /admin, but a front-end system has been configured to block external access to that path. However, the back-end application is built on a framework ...

This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos's account page.