https://github.com/vaneeza-7/web-security-seed-labs-2.0

Web Security SEED Labs 2.0 on SQL Injection, CSRF and XSS

csrf seed-labs sql-injection-sqli xss

# Seed Labs 2.0: Web Security (SQL Injection, CSRF, XSS)

## Introduction

This repository contains the report for practical labs and exercises focused on common web vulnerabilities, including:

- **SQL Injection (SQLi):** Exploiting improper input validation to execute malicious SQL queries.
- **Cross-Site Request Forgery (CSRF):** Forcing authenticated users to perform actions without their consent.
- **Cross-Site Scripting (XSS):** Injecting malicious scripts into web applications.

The labs are based on the [**Seed Labs 2.0**](https://seedsecuritylabs.org/Labs_20.04/Web/) web security labs.

## Features

1. **SQL Injection (SQLi) Lab**
   - Understand how SQL injection attacks work.
   - Learn how to bypass authentication and extract sensitive data.
   - Mitigation techniques: Prepared statements, parameterized queries, and input validation.

2. **Cross-Site Request Forgery (CSRF) Lab**
   - Explore how attackers can force users to perform unintended actions.
   - Create and execute CSRF payloads.
   - Mitigation techniques: CSRF tokens and SameSite cookies.

3. **Cross-Site Scripting (XSS) Lab**
   - Experiment with stored, reflected, and DOM-based XSS attacks.
   - Learn to inject scripts to steal cookies, deface pages, or perform malicious actions.
   - Mitigation techniques: Input sanitization, output encoding, and CSP (Content Security Policy).

4. **Secure Coding Practices**
   - Guidance on fixing vulnerabilities.
   - Practical examples of secure implementations.

## Contributors

- [Naima Zafar](https://github.com/NaimaZafar)
- [Ayra Alamdar](https://github.com/ayra-alamdar)
- [Vaneeza](https://github.com/Vaneeza-7)