Learn how web applications really break
Web security is complex, and mistakes are easy to make. This project focuses on the most common web vulnerabilities, especially those caused by blind AI “vibe coding”
Start Breaking Web Applications
SQL injection
Exploit unsafe database queries to extract, modify or destroy data. Learn why parameterized queries exist the hard way.
Learn
IDOR
Access resources that were never meant to be yours by abusing broken access control and predictable identifiers.
Learn
XSS
Inject and execute malicious JavaScript in vulnerable applications. Steal sessions, deface pages, understand trust boundaries.
Learn