Web Applications


Web challenges require users to demonstrate their knowledge of web technologies by exploiting common vulnerabilities in them. These technologies may include cookies, databases, or specific web application frameworks.

Learning Resources

Contains examples of many common web exploitation techniques, such as SQL Injection.

Available through the USF Library!

A collection of web challenges of varying difficulty, HackThisSite is a great place to test your web skills.

Check out HackThis, a similar website.

A vulnerable web application with many flaws that you can practice on.

Easily practice basic SQL injection using a simple interactive web form.

A document from the Open Web Application Security Project (OWASP) describing "The Ten Most Critical Web Application Security Risks", published in 2017.


A graphical tool for testing web application security. Provides many useful features, such as capturing traffic, editing requests, and brute-forcing capabilities.

A useful, simple graphical interface for crafting custom requests, typically for use in developing web APIs.

An extension for Google Chrome that allows you to easily create or edit cookies.

Although not typically needed for most CTFs, Nessus is a useful vulnerability scanner that includes scans for many common web vulnerabilities.

Provides a public URL to your localhost server. Very useful when you need to capture and inspect web traffic to another site, such as capturing admin cookies using XSS.