Overview
Syllabus
★ Zero Stars (Improper Input Validation).
★ Confidential Document (Sensitive Data Exposure).
★ DOM XSS (XSS).
★ Error Handling (Security Misconfiguration).
★ Missing Encoding (Improper Input Validation).
★ Outdated Whitelist (Unvalidated Redirects).
★ Privacy Policy (Miscellaneous).
★ Repetitive Registration (Improper Input Validation).
★★ Login Admin (Injection).
★★ Classic Stored XSS (XSS).
★★ Admin Section (Broken Access Control).
★★ Deprecated Interface (Security Misconfiguration).
★★ Five Star Feedback (Broken Access Control).
★★ Login MC SafeSearch (Sensitive Data Exposure).
★★ Password Strength (Broken Authentication).
★★ Security Policy (Miscellaneous).
★★ View Basket (Broken Access Control).
★★ Weird Crypto (Cryptographic Issues).
★★★ API-Only XSS (XSS).
★★★ Admin Registration (Improper Input Validation).
★★★ Björn's Favorite Pet (Broken Authentication).
★★★ Captcha Bypass (Broken Anti Automation).
★★★ Client-side XSS Protection (XSS).
★★★ Database Schema (Injection).
★★★ Forged Feedback (Broken Access Control).
★★★ Forged Review (Broken Access Control).
★★★ GDPR Data Erasure (Broken Authentication).
★★★ Login Amy (Sensitive Data Exposure).
★★★ Login Bender (Injection).
★★★ Login Jim (Injection).
★★★ Manipulate Basket (Broken Access Control).
★★★ Payback Time (Improper Input Validation).
★★★ Privacy Policy Inspection (Security through Obscurity).
★★★ Product Tampering (Broken Access Control).
★★★ Reset Jim's Password (Broken Authentication).
★★★ Upload Size (Improper Input Validation).
★★★ Upload Type (Improper Input Validation).
★★★★ Access Log (Sensitive Data Exposure).
★★★★ Ephemeral Accountant (SQL-Injection).
★★★★ Expired Coupon (Improper Input Validation).
★★★★ Forgotten Developer Backup (Sensitive Data Exposure).
★★★★ Forgotten Sales Backup (Sensitive Data Exposure).
★★★★ GDPR Data Theft (Sensitive Data Exposure).
★★★★ Legacy Typosquatting (Vulnerable Components).
★★★★ Login Bjoern (Broken Authentication).
★★★★ Misplaced Signature File (Sensitive Data Exposure).
★★★★ Nested Easter Egg (Cryptographic Issues).
★★★★ NoSQL Manipulation (Injection).
★★★★★ Change Bender's Password (Broken Authentication).
★★★★★ Extra Language (Broken Anti Automation).
Taught by
Hacksplained