OWASP Web Security Lab

Comprehensive web application security training covering the OWASP Top 10, API vulnerabilities, and advanced attack techniques.

Coming Soon - In Development

Development Roadmap

The OWASP Web Security Lab will launch after the Blue Team Lab reaches completion (currently 7/15 modules complete). This lab is being built by an OWASP member with 3 years of community support.

Once complete, this platform will be showcased to the OWASP community as a comprehensive, interactive web security training resource.

Planned Module Structure

Phase 1: OWASP Top 10 (2021) - planned

Broken Access Control (A01)
Cryptographic Failures (A02)
Injection (SQL, XSS, Command) (A03)
Insecure Design (A04)
Security Misconfiguration (A05)
Vulnerable & Outdated Components (A06)
Identification & Authentication Failures (A07)
Software & Data Integrity Failures (A08)
Security Logging & Monitoring Failures (A09)
Server-Side Request Forgery (A10)

Phase 2: Advanced Web Attacks - planned

Cross-Site Scripting (XSS) - Reflected, Stored, DOM
Cross-Site Request Forgery (CSRF)
XML External Entity (XXE)
Server-Side Template Injection (SSTI)
Insecure Deserialization
Business Logic Flaws

Phase 3: API Security - planned

OWASP API Security Top 10
REST API Vulnerabilities
GraphQL Injection
JWT Attacks & Token Security

Interactive Labs

Hands-on simulations for each OWASP vulnerability type with real-world exploitation scenarios.

Code Examples

Vulnerable code samples, exploitation techniques, and secure coding practices for each attack.

Defense Strategies

Mitigation techniques, secure architecture patterns, and OWASP recommended defenses.

Built by OWASP Member

3 years supporting the OWASP Foundation

Copyright © 2025 JMFG. All rights reserved.