Web Application Security CTF Report

A six-stage web application security challenge completed as part of a job application process. The report documents the full investigation chain, including JavaScript recon, exposed API endpoints, client-side signing logic, token-based authentication, password hash exposure, privilege escalation, insecure direct object access, database inspection, and final flag retrieval.