S E C U R I T Y B A N K
40Vulnerabilities
3Difficulty Tiers
120Total Challenges
SELECT DIFFICULTY MODE TO ENGAGE
Tier 1 // Beginner
Easy
Surface-level vulnerabilities. Direct payloads work without encoding tricks or filter bypasses.
- Raw SQL concat
- No CSRF tokens
- Verbose errors
- alg:none JWT
- IDOR via id param
- Open file upload
40 vulnerabilities · instant payloads
Engage Easy →
Tier 2 // Intermediate
Medium
Filters, blacklists, and weak validation in place. Bypasses required — encoding, polyglots, and chaining come into play.
- Quote filters
- Tag stripping
- Blacklisted chars
- Weak JWT secret
- API auth gaps
- Extension blocks
40 challenges · bypass required
Engage Medium →
Tier 3 // Advanced
Hard
Most vulns properly mitigated. Blind techniques, advanced bypasses, and chaining vulns required to exploit.
- Blind time-based SQLi
- Strict input validation
- Argv injection RCE
- JWT kid traversal
- Timing side-channel
- Chained vuln paths
40 challenges · expert mode
Engage Hard →
This application contains intentional vulnerabilities for security training.
Do NOT deploy on a public network. For authorized testing only.
v0.5-beta | build 9f6112218d