Cyfotok Labs · Isolated range
Semi-untrusted vulnerable simulators, sandboxed from production. Access is only via short-lived RS256 tokens issued by labs.cyfotok.com.
# Issue token on labs, then:
/lab/xss-basic?token=<jwt>
# Starter labs
xss-basic · sql-injection · auth-bypass