Web Application Security
Explore web application security vulnerabilities and learn how ethical hackers identify and exploit them. This category covers SQL injection, cross-site scripting (XSS), CSRF, file upload vulnerabilities, authentication bypass, API security flaws, and session management issues. You’ll find hands-on tutorials, payload examples, exploitation labs, and prevention techniques to secure web applications. Ideal for bug bounty hunters, penetration testers, and developers who want to build and test secure web platforms.
84 articles
GraphQL Bug Bounty 2026 — Introspection Abuse, Injection & Broken Authorization | BB Day 22
GraphQL bug bounty 2026 — find introspection leaks, injection vulnerabilities, IDOR via object IDs, and batch query abuse. Complete Day…
DVWA SQL Injection High Security Lab 2026 — Second-Order Injection | Hacking Lab 21
DVWA SQL injection high security lab 2026 — bypass mysql_real_escape_string using second-order injection, enumerate databases via blind techniques. Lab 21…
DVWA CSRF Advanced Lab 2026 — Token Bypass via XSS and Referer Validation Flaws | Hacking Lab 20
DVWA CSRF advanced lab 2026 — bypass anti-CSRF token validation using XSS, exploit Referer header flaws, and chain CSRF with…
Indirect Prompt Injection 2026 — When Web Pages Attack Your AI Agent
Complete guide to indirect prompt injection attacks in 2026. Covers how adversarial instructions in web pages, documents, RAG databases, and…
DVWA XSS Cookie Theft Lab 2026 — Steal Session Cookies and Hijack Accounts | Hacking Lab 19
DVWA XSS cookie theft lab 2026 — inject payloads to steal session cookies, set up a listener, hijack authenticated sessions…
AI Supply Chain Attacks 2026 — How Hackers Poison Models Before You Deploy Them
AI supply chain attacks 2026 — model poisoning on Hugging Face, pickle-based code execution on model load, training data poisoning,…