Gruyere Learn Web Application Exploits Defenses Top May 2026

Include a unique, secret token in every form. The server only accepts the request if the token matches.

Users learn to find both reflected and stored XSS vulnerabilities by injecting scripts into input fields and URLs.

Backend network. Exploit: Attacker makes the server fetch an internal resource (metadata endpoint, localhost services).

XML parsers. Exploit: Attacker provides an XML document containing an external entity that reads local files or performs SSRF.

Cross-Site Request Forgery (CSRF)
