(In this course, we comprehensively analyze all aspects of WEB security from four aspects: principles of Web security vulnerabilities, attack methods, testing methods, and preventive measures. It can provide certain guidance for developers, testers, operation and maintenance personnel, network engineers, etc. significance. The content includes bypass vulnerabilities, authentication mechanism vulnerabilities, session management vulnerabilities, permission control vulnerabilities, sql injection, xpath injection, xss, csrf, logic vulnerabilities, social engineering attacks, automated auditing, etc.)