This is my web security testing repository, where I document, track, and share my penetration testing labs across different vulnerability categories.

Each web vulnerability below links to a dedicated repository containing detailed writeups, methodologies, and attack walkthroughs for every lab I've solved.

| Vulnerability | Repository |
|---|---|
| Access Control Vulnerabilities | Access Control Labs |
| File Upload Vulnerabilities | File Upload Labs |
| Authentication Vulnerabilities | Authentication Labs |
| Cross-Site Scripting (XSS) | XSS Labs |
| SQL Injection | SQLi Labs |
| Cross-Site Request Forgery (CSRF) | CSRF Labs |
| Clickjacking | Clickjacking Labs |
| DOM-Based Vulnerabilities | DOM Labs |
| Cross-Origin Resource Sharing (CORS) | CORS Labs |
| XML External Entity (XXE) Injection | XXE Labs |
| Server-Side Request Forgery (SSRF) | SSRF Labs |
| HTTP Request Smuggling | Request Smuggling Labs |
| OS Command Injection | OS Command Injection Labs |
| Server-Side Template Injection | SSTI Labs |
| Path Traversal | Path Traversal Labs |
| WebSockets | WebSockets Labs |
| Web Cache Poisoning | Cache Poisoning Labs |
| Insecure Deserialization | Insecure Deserialization Labs |
| Information Disclosure | Info Disclosure Labs |
| Business Logic Vulnerabilities | Business Logic Labs |
| HTTP Host Header Attacks | Host Header Labs |
| OAuth Authentication | OAuth Labs |
| JWT (JSON Web Tokens) | JWT Labs |
| Essential Skills | Essential Skills Labs |
| Prototype Pollution | Prototype Pollution Labs |
| GraphQL API Vulnerabilities | GraphQL Labs |
| Race Conditions | Race Conditions Labs |
| NoSQL Injection | NoSQL Labs |
| API Testing | API Testing Labs |
| Web LLM Attacks | Web LLM Labs |
| Web Cache Deception | Web Cache Deception Labs |