🧑‍💻 Practice Labs & CTF Exercises

Test your skills with hands-on labs for each major web vulnerability. Filter by category or difficulty, reveal hints, and view solutions. All labs link to real practice platforms.

🎯

Interactive Labs & Exercises

SQL Injection Authentication Bypass

Easy

SQL Injection⏱️ 15-30 min🛠️ 2 tools

▶

SQL Injection UNION Attack

Medium

SQL Injection⏱️ 30-45 min🛠️ 2 tools

▶

Blind SQL Injection with Conditional Responses

Hard

SQL Injection⏱️ 45-60 min🛠️ 3 tools

▶

Reflected XSS in Search Field

Easy

Cross-Site Scripting⏱️ 10-20 min🛠️ 1 tools

▶

Stored XSS in Comments

Medium

Cross-Site Scripting⏱️ 25-40 min🛠️ 3 tools

▶

DOM-based XSS via innerHTML

Hard

Cross-Site Scripting⏱️ 35-50 min🛠️ 2 tools

▶

Basic SSRF against localhost

Easy

Server-Side Request Forgery⏱️ 15-25 min🛠️ 1 tools

▶

SSRF to Access Cloud Metadata

Medium

Server-Side Request Forgery⏱️ 30-45 min🛠️ 2 tools

▶

Username Enumeration via Response Timing

Medium

Authentication⏱️ 30-45 min🛠️ 2 tools

▶

CSRF with No Defenses

Easy

Cross-Site Request Forgery⏱️ 15-25 min🛠️ 2 tools

▶

Web Shell via File Upload

Easy

File Upload⏱️ 15-25 min🛠️ 2 tools

▶

File Upload Extension Bypass

Medium

File Upload⏱️ 30-45 min🛠️ 2 tools

▶

Server-Side Template Injection Detection

Medium

Template Injection⏱️ 30-45 min🛠️ 3 tools

▶

XXE to Read Server Files

Medium

XML External Entity⏱️ 20-30 min🛠️ 1 tools

▶

🌐 Practice Platforms

PortSwigger Web Security Academy

Free labs covering all OWASP Top 10

Hack The Box

Realistic web challenges and machines

TryHackMe

Guided learning paths for beginners

OWASP WebGoat

Self-hosted vulnerable application

PentesterLab

Hands-on exercises with badges

DVWA

Damn Vulnerable Web Application