This repository contains the report for practical labs and exercises focused on common web vulnerabilities, including:
- SQL Injection (SQLi): Exploiting improper input validation to execute malicious SQL queries.
- Cross-Site Request Forgery (CSRF): Forcing authenticated users to perform actions without their consent.
- Cross-Site Scripting (XSS): Injecting malicious scripts into web applications.
The labs are based on SEED Labs 2.0.
- SQL Injection (SQLi) Lab
  - Understand how SQL injection attacks work.
  - Learn how to bypass authentication and extract sensitive data.
  - Mitigation techniques: Prepared statements, parameterized queries, and input validation.
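The mitigation bullet above is easiest to see with both forms of the login query side by side. The following is an added example, not code from the SEED Labs material: it builds an in-memory SQLite table with a constructed user record, runs the same login check once with string concatenation and once as a parameterized statement, and adds an allow-list validation step for the username. The plaintext `password` column is a simplification so the query shape stays visible; a real application compares a password hash.

```python
"""Login query: string concatenation beside its parameterized form (added example)."""
import re
import sqlite3

# Allow-list for usernames: input validation as a second layer, not a replacement
# for parameterization (assumed policy for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user; plaintext password only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Concatenates user input into the SQL text, so a quote in the input becomes SQL syntax."""
    query = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Prepared statement: the driver binds the values, which are never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


def login_validated(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Allow-list check on the username first, then the parameterized query."""
    if not USERNAME_RE.fullmatch(name):
        return False
    return login_safe(conn, name, password)


if __name__ == "__main__":
    db = make_db()
    # A password field containing a quote and OR clause: the concatenated query
    # matches every row, the parameterized one compares the literal string.
    bad_password = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "alice", bad_password))  # True
    print("safe:      ", login_safe(db, "alice", bad_password))        # False
```

Run it as a script to see the two results differ on the same input; the parameterized version only succeeds when the stored password is exactly `correct-horse`.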
- Cross-Site Request Forgery (CSRF) Lab
  - Explore how attackers can force users to perform unintended actions.
  - Create and execute CSRF payloads.
  - Mitigation techniques: CSRF tokens and SameSite cookies.
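The two mitigations named above can be shown in a few functions. This is an added example, not the lab's own code: a synchronizer token bound to the session id with an HMAC, constant-time verification, a `Set-Cookie` header that carries `SameSite=Strict` together with `Secure` and `HttpOnly`, and a request handler that refuses state-changing requests without a valid token. `SERVER_SECRET`, the session id and the request dictionary are constructed placeholders.

```python
"""CSRF synchronizer token bound to the session, plus SameSite cookie attributes (added example)."""
import hashlib
import hmac
import secrets

# Placeholder only: a deployment loads a random key from configuration or a secret store.
SERVER_SECRET = b"placeholder-replace-with-random-key"


def _mac(session_id: str, nonce: str) -> str:
    """HMAC over session id and nonce, so a token from one session is useless in another."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token = nonce.mac; embed it in the form as a hidden field."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    parts = token.split(".")
    if len(parts) != 2:
        return False
    nonce, mac = parts
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def session_cookie_header(session_id: str) -> str:
    """SameSite=Strict stops the browser attaching the cookie to cross-site requests;
    Secure and HttpOnly limit exposure over plaintext and to scripts."""
    return f"Set-Cookie: session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def handle_state_change(request: dict, session_id: str) -> int:
    """Return an HTTP status: 403 when the token is missing or invalid, 200 otherwise.
    `request` is a constructed stand-in for a framework request object."""
    if request.get("method") != "POST":
        return 405
    token = request.get("form", {}).get("csrf_token", "")
    if not verify_csrf_token(session_id, token):
        return 403
    # ... perform the state change here ...
    return 200


if __name__ == "__main__":
    sid = "sess-constructed-123"
    tok = issue_csrf_token(sid)
    print(session_cookie_header(sid))
    print("with token:   ", handle_state_change({"method": "POST", "form": {"csrf_token": tok}}, sid))
    print("without token:", handle_state_change({"method": "POST", "form": {}}, sid))
```

The token is stateless on the server side because the HMAC ties it to the session id; if tokens must also expire or be single-use, add a timestamp to the MAC input or store issued nonces per session.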
- Cross-Site Scripting (XSS) Lab
  - Experiment with stored, reflected, and DOM-based XSS attacks.
  - Learn to inject scripts to steal cookies, deface pages, or perform malicious actions.
  - Mitigation techniques: Input sanitization, output encoding, and CSP (Content Security Policy).
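Output encoding and CSP from the mitigation bullet above, as an added example that is not part of the lab material: a small server-side renderer for a stored comment that encodes each value for the context it lands in (HTML text, an attribute, and a link whose scheme is checked against an allow-list), plus a CSP header built around a per-response script nonce. The `render_comment` markup, the allow-listed schemes and the policy directives are assumptions for this example.

```python
"""Context-aware output encoding and a nonce-based CSP header (added example)."""
import html
import secrets
from urllib.parse import urlparse

ALLOWED_LINK_SCHEMES = ("http", "https")  # assumed policy for user-supplied links


def safe_url(url: str) -> str:
    """Escaping alone does not stop a javascript: or data: URL in href; check the scheme."""
    parsed = urlparse(url.strip())
    if parsed.scheme not in ALLOWED_LINK_SCHEMES or not parsed.netloc:
        return "#"
    return html.escape(url.strip(), quote=True)


def render_comment(author: str, body: str, link: str) -> str:
    """Stored-XSS sink made safe: each untrusted value is encoded for where it is placed.
    html.escape with quote=True covers both element text and double-quoted attributes."""
    return (
        f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
        f'<a href="{safe_url(link)}">{html.escape(author)}</a>: '
        f'<p>{html.escape(body)}</p>'
        "</div>"
    )


def new_nonce() -> str:
    """Fresh nonce per response; only <script nonce="..."> tags carrying it may run."""
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> str:
    """Policy that blocks inline and injected scripts unless they carry the nonce."""
    return (
        "Content-Security-Policy: default-src 'self'; "
        f"script-src 'nonce-{nonce}'; object-src 'none'; base-uri 'none'; "
        "frame-ancestors 'none'"
    )


if __name__ == "__main__":
    # Constructed stored comment whose fields contain markup and a script-scheme link.
    nonce = new_nonce()
    print(csp_header(nonce))
    print(render_comment("mallory", "<script>alert(1)</script>", "javascript:alert(1)"))
```

Encoding happens at output time, per context, so the same stored string is safe whether it is shown in a paragraph or an attribute; the CSP is the second layer for anything the encoding misses.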
- Secure Coding Practices
  - Guidance on fixing vulnerabilities.
  - Practical examples of secure implementations.