Offensive security sandbox
This environment behaves like a compact, production-grade attack surface. Each endpoint is instrumented end-to-end so you can safely point scanners, HTTP clients, or custom scripts at it while the backend classifies traffic, rate-limits abuse, and feeds telemetry into the security dashboard.
- /sandbox/sql — SQL injection lab focused on classic payloads, detection signals, and safe parameterised query patterns.
- /sandbox/xss — Reflected XSS and malicious payload exercises with output encoding and server-side filtering.
- /sandbox/rate-limit — Automated/bot-style traffic, scanners, and WAF-style token-bucket rate limiting with event logging.
- /chat — Prompt injection lab targeting the Digital Twin chatbot, with every attempt analysed, blocked where necessary, and written to the audit trail.
- /sandbox/auth — Authentication and authorisation lab covering broken access control, privilege escalation attempts, and misconfigured secrets.
Treat this like a small, dedicated target in a professional red-team lab: attack only the endpoints documented here, observe how they are classified on the dashboard, and do not reuse payloads against systems you do not own.