~ Labs
  ~ 1. CSRF vulnerability with no defenses
  ~ 2. CSRF where token validation depends on request method
  ~ 3. CSRF where token validation depends on token being present
  ~ 4. CSRF where token is not tied to user session
  ~ 5. CSRF where token is tied to non-session cookie
  ~ 6. CSRF where token is duplicated in cookie
  ~ 7. SameSite Lax bypass via method override
  ~ 8. SameSite Strict bypass via client-side redirect