Every now and then I come across a topic that is too complicated to try to learn or explain through a single blog post; in those instances I like to build up a lab to play around in. Here are a bunch of these labs, the ones that are safe to put online.

If you like these labs and are interested in using them in your training, or would like some bespoke labs created for your organisation, please get in touch.

  • Authentication Lab: Play with various broken authentication systems.
  • The CORS Demos: A set of CORS requests and responses to demonstrate all the different permutations.
  • GraphQLab: A lab to help understand and then attack a GraphQL based application.
  • SocketToMe: A lab to play with web sockets.
  • SVG XSS Defence Scenarios: Did you know that SVG files can contain JavaScript which can be used for Cross-Site Scripting? This lab demonstrates this, and shows how it can be defended against.
  • vuLnDAP: An LDAP based vulnerable web application.
  • Web Cache Poisoning: The implementation of some of the web cache poisoning issues identified by James Kettle.
