Learn how to avoid writing vulnerable code

Learn how to write exploit code

Learn how to write secure code

SQLi: login bypass

Is this really what passwordless login means?

Start challenge #1

SQLi: second order

It's time to change your someone else's password.

Start challenge #2

SSRF: bypass webhook

Internal APIs are just external APIs that are a bit harder to access

Start challenge #3

SSRF: local file inclusion

Stealing your passwd, shadow, etc

Start challenge #4