Through hands-on practice of exploiting these vulnerabilities, students will gain a more intuitive and in-depth understanding of how security vulnerabilities are exploited and their effects, thereby increasing their awareness of potential risks during the development process. This course will enable SAs who are responsible for developing requirements specifications and PGs who write code to consider these attack scenarios before development and avoid dangerous coding practices. It will also enable security officers who need to review security test reports to quickly determine whether these vulnerabilities are "impossible to be exploited by hackers," thereby saving the team's development time.

• Introduction to Common Vulnerabilities and Hands-on Exercises
• A01 - Broken Access Control (3 practice questions)
• Techniques: Passing parameters in URLs, one-click password change, encoding and decoding
• Vulnerability Exercises: Missing Function Level Access Control, CSRF, Path Traversal
• A02 - Cryptographic Failures (2 practice questions)
• Techniques: Browser developer tools
• Vulnerability Exercises: Plaintext Storage of Passwords, Insecure Randomness

Own laptop (screen no smaller than 14 inches for comfortable operation)

Basic programming knowledge is required. Web application system development experience is recommended.