Web Security
Find and fix vulnerabilities in web applications.
Web apps are the most exposed part of most organizations, and flaws like SQL injection, XSS, SSRF, and CSRF remain rampant. Securing them means understanding the weakness classes and validating your defenses.
Use these tools to inspect headers, decode tokens, and check TLS — and the references to learn the underlying weaknesses.
Free tools
Practice
Latest coverage
- CVE-2026-9082: Critical Drupal SQL Injection Under Attack on Thousands of Sites
- Vercel's v0.dev AI Tool Weaponized for Phishing Campaigns Targeting Microsoft, Nike Users
- Gemini CLI Prompt Injection Flaw Could Have Poisoned Google's Own Supply Chain
- PCPJack Cloud Worm Evicts TeamPCP and Steals 40+ Credential Types at Scale
- Dirty Frag: CVE-2026-43284 and CVE-2026-43500 Grant Root Access Across All Major Linux Distros
- PCPJack Cloud Worm Evicts Competitor Malware, Steals Credentials from Docker and Kubernetes
- Metasploit Adds ARMLE Support to CVE-2026-31431 Copy Fail Linux Root Exploit
- PamDOORa: New Linux Backdoor Sells for $900 on Russian Forum, Harvests SSH Credentials via PAM
Key terms
SQL Injection
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Server-Side Request Forgery (SSRF)
Web Application Firewall (WAF)
Reference databases