Web applications have become the backbone of modern digital infrastructure, yet they remain prime targets for malicious actors seeking to exploit vulnerabilities and compromise sensitive data. These Hacktivity labs offer a comprehensive, hands-on approach to understanding and defending against these evolving threats. These practical exercises are designed to bridge the gap between theoretical knowledge and real-world application, enabling learners to develop both offensive and defensive cyber security skills. Through guided scenarios and interactive challenges, participants will gain invaluable experience in identifying, analysing, and mitigating the most common web application vulnerabilities.

The practical labs cover various aspects of web security, providing you with a solid foundation in fundamental concepts and practical skills. The topics covered include Session Management, which explores sessions and cookies, Cross-Site Scripting (XSS), which delves into the pervasive threat of XSS attacks, SQL Injection, addressing the prevalent threat to web applications, and Advanced SQL Injection, which goes into the intricacies of injection attacks, including OS command injection and automated SQL injection. Additionally, the collection covers Cross-Site Request Forgery (CSRF), focusing on the exploitation of user trust in this prevalent attack. Throughout the labs, participants engage in hands-on activities using various tools such as Damn Vulnerable Web App (DVWA), OWASP WebGoat, OWASP Security Shepherd, and Zed Attack Proxy (ZAP), gaining practical experience in identifying, exploiting, and mitigating web security vulnerabilities. The labs aim to equip participants with the skills necessary for ethical hacking, auditing, and securing web applications in real-world scenarios, covering a range of security challenges and techniques.