This project showcases the vulnerability assessment I conducted as part of my internship at ShadowFox. The main target for analysis was a purposely vulnerable website, testphp.vulnweb.com, which allowed me to simulate and understand real-world web attacks in a controlled environment.
My role involved information gathering, vulnerability planning and executing several attacks to identify common web application flaws. I began with port scanning and directory enumeration to map the attack surface, and then moved on to more critical exploits like SQL injection, authentication bypass and local file inclusion (LFI). I was able to extract database details, simulate unauthorized admin access and test for sensitive file exposure, all of which emphasized the importance of input validation and secure coding practices.
Each vulnerability taught me how attackers manipulate insecure logic and configurations, and how developers and defenders must harden applications against such threats. This hands-on experience didn’t just sharpen my technical skills; it gave me the mindset of an ethical hacker and the clarity to spot risks that often go unnoticed in live environments.