Cyber Revision: free cybersecurity revision and hands-on practice

Web Exploitation

Most applications are reached over the web, and most of the flaws that get them breached come from the same handful of mistakes made again and again. This module teaches you to recognise those flaws in the raw: in a header, a request, a token, a query.

By the end you will be able to:

Read HTTP requests and responses and reason about sessions, cookie flags and the same-origin policy.
Map a flaw you have spotted to its category in the OWASP Top 10:2025.
Recognise SQL, command and cross-site-scripting injection from a payload, and name the fix that actually works.
Tell stored, reflected and DOM-based XSS apart, and know which control stops each.
Spot broken access control, broken authentication, CSRF and SSRF from the evidence in front of you.

The exam is practical: ten self-contained artifacts to decode and classify, graded in your browser. Get seven of ten and the certificate is yours.

Module objectives

Web Exploitation