This repository is an index and navigation point for three proof-of-concept (PoC) labs demonstrating web application vulnerabilities identified through Dynamic Application Security Testing (DAST).
By centralizing links and context, we avoid duplicating code while keeping a clean, consistent entry point for reviewers, developers, and security testers.
Each lab focuses on a specific area—weak TLS ciphers, clickjacking, and HTTP request smuggling—with runnable PoCs and clear remediation notes.
Tests if a server negotiates weak/deprecated TLS ciphers by iterating a list via curl --ciphers.
Supports cookie and URL options to reach authenticated endpoints.
Remediation: disable obsolete ciphers and enforce minimal TLS versions.
Repo: https://github.com/dbaimakov/Cipher-Check-Test-Script
A minimal HTML PoC that uses an <iframe> and overlay to demonstrate UI redress (clickjacking).
Shows how a user click on a visible control can trigger a hidden action in the framed page.
Mitigation: X-Frame-Options (DENY/SAMEORIGIN) or CSP frame-ancestors.
Repo: https://github.com/dbaimakov/clickjacking-lab
Demonstrates HTTP Request Smuggling when front-end and back-end parse request boundaries differently (e.g., Content-Length vs Transfer-Encoding: chunked).
Includes raw PoC requests and reproduction steps.
Mitigation: normalize/strip conflicting headers, prefer HTTP/2 end-to-end, update/properly configure proxies & back-ends.
Repo: https://github.com/dbaimakov/http-request-smuggling-lab
flowchart TD
A[Index: DAST Vulnerability Labs] --> B[Cipher-Check-Test-Script]
A --> C[clickjacking-lab]
A --> D[http-request-smuggling-lab]