Sanitize User Input for Go Applications

Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!

Learn the fundamentals of SQL Injection, one of the most critical web vulnerabilities. This challenge covers how attackers exploit insecure code to manipulate database queries, the different types of SQLi attacks, and their potential impact on your application.

Exploit an SQL Injection vulnerability in the Globomantics CRM to bypass authentication. You will then review the insecure code and learn how parameterized queries are used to effectively prevent SQL injection attacks.

Assess your understanding of SQL Injection. This quiz will test your knowledge of SQL injection (SQLi) concepts.

Discover the mechanics of Cross-Site Scripting (XSS), a vulnerability that targets application users. This challenge explains how attackers inject malicious scripts into trusted websites, the differences between Stored, Reflected, and DOM-based XSS, and the risks.

Exploit a Cross-Site Scripting (XSS) flaw in Globomantics CRM's feedback section by injecting a malicious script. You will then analyze the insecure code and review the usage of Go html/template package to encode user output and neutralize the threat properly.

Test your knowledge of Cross-Site Scripting.

Learn about Cross-Site Request Forgery (CSRF), the one-click attack that tricks users into performing unintended actions. This challenge covers the mechanics of how CSRF abuses a user's authenticated session and the standard defense against it.

Demonstrate a Cross-Site Request Forgery (CSRF) attack on an unprotected Globomantics CRM endpoint. You'll use a malicious page to force an unintended approval, then review anti-CSRF tokens in the Go app to secure the financial transaction.

Assess your understanding of Cross-Site Request Forgery.