Home
Web Security

Security practice

Web Security

XSS, CSRF, SSRF, CSP — the web attacker's playbook.

← Back to all areas

200 XP
XSS Variants
Reflected, stored, DOM — same bug, three delivery modes.
•
200 XP
CSRF & SameSite
Forged requests, anti-CSRF tokens, SameSite cookies.
•
250 XP
CSP In Depth
Nonces vs hashes, the unsafe-inline trap, Trusted Types.
•

arcade.