In this session, we covered the fundamental principles of web application security, starting with a structured overview of web basics such as HTTP/HTTPS protocols, request–response architecture, and the role of cookies and sessions in maintaining state.

We then moved into a focused analysis of the OWASP Top 10, with particular emphasis on understanding and identifying SQL Injection and Cross-Site Scripting (XSS) vulnerabilities from a theoretical perspective.

To solidify this knowledge, we applied it عمليًا through hands-on labs on PortSwigger Academy. During these labs, we used Burp Suite to intercept and analyze web traffic, enabling us to successfully simulate and execute both SQLi and XSS attacks within a controlled testing environment.