🔒 Cyber Security

Learn web application penetration testing and the OWASP Top 10 vulnerabilities (SQLi, XSS, JWT, IDOR, SSRF) through interactive Pixar-style Lego animations and quiz practice.

Web Penetration Testing, OWASP Top 10 vulnerabilities, interactive simulations and security automation

What you can learn on this page

  • 🎯 Security Mindset & QA — Cyber security testing is like checking not only that a castle has a locked door, but also its secret tunnels, its weak walls, and whether the guards can be tricked. As QA engineers, our goal is not just to see if the app works, but to verify that a malicious mo
  • 1. SQL & NoSQL Injection — SQL Injection is like inserting a magic skeleton key (like ' OR 1=1 --) into a database locker instead of a normal name, causing all the locks to shatter and all drawers to spill their contents.
  • 2. Cross-Site Scripting (XSS) — XSS is like posting a sticky note with a small hidden trick device on a school bulletin board that steals the lunch money of anyone who looks at the board.
  • 3. Broken Auth & JWT Security — Broken Authentication is like an amusement park ticket collector accepting a VIP wristband drawn with crayons (forged JWT token) without verifying the official stamp.
  • 4. IDOR & Access Control — IDOR is like walking down a street of Lego houses and changing the house ID (from userId=5 to userId=6) in the URL to open your neighbor's front door and access their private toy box.
  • 5. XXE & SSRF (Server-Side) — SSRF is like tricking a server castle guard robot into walking into the castle's internal vaults (like localhost:8080/admin) to fetch secret documents, because the robot blindly trusts request paths.
  • 6. Security Misconfigurations — Security Misconfiguration is like buying a new safe and leaving its factory default passcode (admin/admin) active, or leaving structural blueprint pages taped to the front door.
  • 7. Insecure Deserialization — Insecure Deserialization is like disassembling a Lego robot into a shipping box (Serialization) and someone opening the box in transit to swap the guide steps, forcing the builder to construct a self-destruct device (Deserialization).