Blind SQL injection occurs when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. Many ...
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS ...
This learning path explores authentication vulnerabilities, which have a critical impact on security. You'll learn about common mechanisms and vulnerabilities, and strategies for robust authentication ...
Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add ...
If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a ...
Manipulating the WebSocket handshake to exploit vulnerabilities; Lab: Manipulating the WebSocket handshake to exploit ...
What is the impact of blind SSRF vulnerabilities?; How to find and exploit blind SSRF vulnerabilities; How to find and exploit blind SSRF vulnerabilities - Continued; Lab: Blind SSRF with out-of-band ...
Web cache deception exploits discrepancies between cache proxy and backend parsers, leading web servers to mistakenly cache and serve dynamic content as though it were static. This vulnerability is ...
This learning path introduces you to prototype pollution vulnerabilities in JavaScript. You'll learn what prototype pollution is, how it can be exploited, and how to prevent it in your applications.