As a topic of my thesis I chose to analyze and present the vulnerabilities of modern web applications. Today, attacks on web applications are a major issue, which, regardless of size and popularity, endanger the security of personal and corporate data and the reliability of services. Most of these attacks are taking advantage of vulnerabilities due to developing or operating faults and laziness. The number of these mistakes could be prevented by increasing the awareness of developers and by understanding an attacker's mindset. Avatao is an IT training system that helps acquiring practical IT security skills and aims to increase the security awareness of programmers. In my thesis, I have created some illustrative examples of exploiting vulnerabilities based on the avatao platform, encouraging developers to avoid similar errors in their applications. Every example is a challenge to be solved, including descriptions and recommended readings which help users identify and exploit vulnerabilities, as well as sample solutions.Most of the vulnerabilities presented have been selected from recently released news. It was an important criterion that these should be realistic, but they should not be completely ordinary either.