A canopy of apple-blossom

TL/DR: Many web applications can still easily be exploited to gain unauthorised access to sensitive data and webservers. Notes on techniques based on, and writeups of, Portswigger Labs, Root-me challenges and TryHackMe CTFs.

Forever in progress ...

TryHackMe rooms


Root-me challenges


Portswigger Web Security Academy labs

XSS


Books