Offensive
Web Security
How the web works and how it breaks: the OWASP Top 10, injection, XSS, broken auth and access control.
- 01 How the web works (and where it breaks). HTTP, statelessness, cookies and sessions, the same-origin policy: the foundations every web vulnerability builds on. (~4 min read)
- 02 The OWASP Top 10 (2025). The industry's reference list of the most critical web application risks: what each category means, with the 2025 changes. (~4 min read)
- 03 Injection and XSS in depth. SQL injection, command injection and the three flavours of cross-site scripting: how they work and the one idea that prevents them all. (~4 min read)
- 04 Broken access control, auth and other web flaws. IDOR, CSRF, SSRF, broken authentication and session management: the non-injection web vulnerabilities you must recognise. (~4 min read)