
Practicing Basic Concepts On Web Security
Building (and Breaking) a Vulnerable Web App in Go + Vue.js

As developers, we often learn best by doing, and in cybersecurity, that means not just building secure systems, but also understanding how they break. During the last months, I was in charge of explaining some of the OWASP vulnerabilities to my team, and for that I created a vulnerable web application using Go (backend) and Vue.js (frontend), designed to demonstrate some of the most common and dangerous web vulnerabilities.

The project is available here: https://github.com/manuelarte/gowasp

The README includes a step-by-step hands-on exploitation guide. In this post, I’ll walk through the key vulnerabilities implemented in the app and how an attacker can exploit them.

🧨 1. SQL Injection

The vulnerability

SQL Injection occurs when user input is directly concatenated into SQL queries without proper sanitization or parameterization. A typical vulnerable pattern looks like:

    query := "SELECT * FROM users WHERE email = '" + email +
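
The concatenation pattern above next to a parameterized form, with a small check that shows when input changes the shape of the statement. This is an added example, not code from the original post or the gowasp project. The function names, the closing quote on the concatenated query, the `?` placeholder style and the sample inputs are assumptions made for the illustration.

```go
package main

import "fmt"
import "strings"

// vulnerableQuery mirrors the post's concatenation; the closing quote is assumed (the excerpt is cut off).
func vulnerableQuery(email string) string {
	return "SELECT * FROM users WHERE email = '" + email + "'"
}

// parameterizedQuery keeps the SQL text constant; args travel separately, as in db.Query(q, args...).
func parameterizedQuery(email string) (string, []interface{}) {
	return "SELECT * FROM users WHERE email = ?", []interface{}{email}
}

// skeleton replaces each single-quoted literal with ? so queries compare by structure, not data.
func skeleton(q string) string {
	var b strings.Builder
	inLit := false
	for i := 0; i < len(q); i++ {
		switch c := q[i]; {
		case c == '\'' && inLit && i+1 < len(q) && q[i+1] == '\'':
			i++ // doubled quote: an escaped quote inside the literal
		case c == '\'' && inLit:
			inLit = false
			b.WriteByte('?')
		case c == '\'':
			inLit = true
		case !inLit:
			b.WriteByte(c)
		}
	}
	if inLit {
		b.WriteString("<unterminated>")
	}
	return b.String()
}

// structureChanged reports whether input alters the statement's shape versus a plain value.
func structureChanged(input string) bool {
	return skeleton(vulnerableQuery(input)) != skeleton(vulnerableQuery("a@example.com"))
}

func main() {
	for _, in := range []string{"bob@example.com", "o'brien@example.com", "x' OR 'a'='a"} { // constructed inputs
		q, args := parameterizedQuery(in)
		fmt.Printf("%q changed=%v | parameterized: %s %q\n", in, structureChanged(in), q, args)
	}
}
```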



