Labs
“A collection of controlled environments and proof-of-concepts (PoC) designed to demonstrate common web vulnerabilities and their mitigations.”
CSRF/CORS Defense: origin, referer, anti-csrf token
This server-side web application has good defenses against CSRF (cross-site requests are not allowed). You can use the “csrf-test” website to test it.
XSS Example: steal sensitive data
A small example of an XSS payload (sanitized and not sanitized), with a button to “steal” page data.