PHP

Learn about code vulnerability, why it happens, and how to eliminate it

Select a tutorial and start sharpening your skills!

This is a free version.

SQL Injection

SQL Injection is a type of application security vulnerability whereby a malicious user is able to manipulate the SQL statements that the application sends to the backend database server for execution. A successful SQL injection attack exposes the data of the underlying database directly to the attacker. Play and Learn...

5-8 MIN

SQL Injection

XXE Processing

XML External Entity (XXE) Processing is a type of application security vulnerability whereby a malicious user can attack a poorly configured/implemented XML parser within an application. Malicious external entity references can be forced by an attacker, which results in unauthorized read-access to sensitive files on the server that the XML parser runs from. Denial of Service is another potential outcome. Play and Learn...

5-8 MIN

XXE Processing
Available in Full Version only

XXE Injection

XML External Entity (XXE) Injection is a type of application security vulnerability whereby a malicious user can attack a poorly configured/implemented XML parser within an application. Malicious external entity references can be forced by an attacker, which results in unauthorised read-access to sensitive files on the server that the XML parser runs from. Denial of Service is another potential outcome. Play and Learn...

5-8 MIN

XXE Injection
Available in Full Version only

Command Injection

A Command Injection vulnerability, when exploited by a malicious user, results in execution of arbitrary system commands on the host operating system. Command Injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system command. The malicious system command is run server-side with the same privileges as the application. Play and Learn...

5-8 MIN

Command Injection
Available in Full Version only

Session Fixation

Session Fixation is a type of application vulnerability where an application does not correctly renew session tokens when changing from a pre-login to post-login state. The same pre-login session token should not be used post-login, otherwise an attacker has the potential to steal authenticated sessions of legitimate users. When a session of one user is stolen by another, it is known as a "hijacked session". Play and Learn...

5-8 MIN

Session Fixation
Available in Full Version only

Use of Insufficiently Random Values

Insufficiently Random Values are an application security vulnerability whereby the application generates predictable values in sensitive areas of code that absolutely require strict randomness (unpredictability). As a result, it may be possible for an attacker to predict the next value generated by the application to defeat cryptographic routines, access sensitive information, or impersonate another user. Play and Learn...

5-8 MIN

Use of Insufficiently Random Values
Available in Full Version only

Reflected XSS

Unlike Persistent XSS, with Reflected Cross-site Scripting (XSS) the attacker-supplied script code is never stored within the application itself. Instead the attacker crafts a malicious request to the application to elicit a single HTTP response from the application that contains the attacker's supplied script code. Successful attacks require victim users to open a maliciously crafted link (which is very easy to do). Play and Learn...

5-8 MIN

Reflected XSS
Available in Full Version only

Stored (Persistent) XSS

Persistent Cross-Site Scripting (XSS) is an application vulnerability whereby a malicious user tricks a web application into storing attacker-supplied script code which is then later served to unsuspecting user(s) of the application. The attacker-supplied script code runs on the client-side system of other end user(s) of the application. This type of vulnerability is widespread and affects web applications that utilize (unvalidated) user-supplied input to generate (unencoded) application output that is served to users. Play and Learn...

5-8 MIN

Stored (Persistent) XSS
Available in Full Version only

DOM XSS

Document Object Model (DOM) Based XSS is a type of XSS attack wherein the attacker's payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment. Play and Learn...

5-8 MIN

DOM XSS
Available in Full Version only

Directory (Path) Traversal

Directory (Path) Traversal is an application vulnerability that allows an attacker to access directories and files that are stored outside the web root folder. This type of vulnerability is found in applications that make insecure references to files based on user-supplied input. A classic example is manipulating file location input variables with "dot-dot-slash (../)" sequences and their variations, to access arbitrary files and directories of the server's file system, such as source code or password files, or other sensitive files. Play and Learn...

5-8 MIN

Directory (Path) Traversal
Available in Full Version only

Privileged Interface Exposure

Privileged Interface Exposure is a type of application weakness whereby a privileged (administration) interface is accessible to regular (low-privileged) users of the system. Because administration interfaces are only used by trusted administrator users, they are often overlooked from a security perspective. When exposed to the public Internet a malicious attacker could use the interface to her advantage. Play and Learn...

5-8 MIN

Privileged Interface Exposure
Available in Full Version only

Leftover Debug Code

A common development practice is to add "back door" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. When this sort of debug code is accidentally left in the application

5-8 MIN

Leftover Debug Code
Available in Full Version only

Authentication Credentials In URL

Insecure Logging is a type of application security vulnerability whereby the application is configured to log sensitive data to log files (such as personally identifiable information, payment card information, or authentication credentials). Furthermore, if the application is not correctly validating user-supplied input that is then stored in logs, an attacker is able to maliciously manipulate log files. Play and Learn...

5-8 MIN

Authentication Credentials In URL
Available in Full Version only

Session Exposure Within URL

The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management and weak algorithm usage are common, particularly weak password hashing techniques. Browser weaknesses are very common and easy to detect, but hard to exploit on a large scale. External attackers have difficulty detecting server-side flaws due to limited access, and they are also usually hard to exploit. Play and Learn...

5-8 MIN

Session Exposure Within URL
Available in Full Version only

User Enumeration

User Enumeration is a type of application security vulnerability whereby the vulnerable web application reveals whether a username (email address or account name) exists or not; this can be a consequence of a misconfiguration or a design decision. The information obtained via user enumeration can then be used by an attacker to gain a list of users on the system. This information can be used to further attack the web application, for example through a brute force credential guessing attack. Play and Learn...

5-8 MIN

User Enumeration
Available in Full Version only

Horizontal Privilege Escalation

Horizontal Privilege Escalation is an application vulnerability that allows one (normal) User of an application to create, read, update and/or delete the data belonging to another (normal) User. This type of vulnerability is often the result of errors in the authorization logic. Play and Learn...

5-8 MIN

Horizontal Privilege Escalation
Available in Full Version only

Vertical Privilege Escalation

Missing Function Level Access Control is an application vulnerability that allows either an Anonymous User or a Legitimate User of the application to access the create, read, update and/or delete functionality belonging to another user of the application. In this example we show how Vertical Privilege Escalation is a potential outcome of this vulnerability. Play and Learn...

5-8 MIN

Vertical Privilege Escalation
Available in Full Version only

Cross Site Request Forgery (POST)

Cross-Site Request Forgery (CSRF) is an application security vulnerability that permits an attacker to force another logged-in user of the application to perform actions within that application without realising. The classic example is Bob and Alice both being logged-in users of an online banking application, and Bob tricks Alice into making a funds transfer to Bob's account with CSRF. Importantly, in CSRF attacks the attacker does not have a direct mechanism for seeing the application's response to the victim. Play and Learn...

5-8 MIN

Cross Site Request Forgery (POST)
Available in Full Version only

Cross Site Request Forgery (GET)

Cross-Site Request Forgery (CSRF) is an application security vulnerability that permits an attacker to force another logged-in user of the application to perform actions within that application without realising. The classic example is Bob and Alice both being logged-in users of an online banking application, and Bob tricks Alice into making a funds transfer to Bob's account with CSRF. Importantly, in CSRF attacks the attacker does not have a direct mechanism for seeing the application's response to the victim. Play and Learn...

5-8 MIN

Cross Site Request Forgery (GET)
Available in Full Version only

Click Jacking

Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

5-8 MIN

Click Jacking
Available in Full Version only

Insecure URL Redirect

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

5-8 MIN

Insecure URL Redirect
Available in Full Version only

Insecure TLS Validation

Insecure TLS validation is a security vulnerability that permits an attacker to bypass SSL pinning.

5-8 MIN

Insecure TLS Validation
Available in Full Version only

Insecure Object Deserialization

Insecure Object Deserialization is a security vulnerability that permits an attacker to abuse application logic, deny service, or execute arbitrary code when an object is being deserialized.

5-8 MIN

Insecure Object Deserialization
Available in Full Version only

Vulnerable and Outdated Components

Code libraries, both proprietary and third-party, need constant maintenance and updates. Even if proprietary code is 100% secure, failure to update third-party components, and particularly updates that mitigate security vulnerabilities, will likely leave environments vulnerable to attack.

5-8 MIN

Vulnerable and Outdated Components