Performed web app vulnerability testing using OWASP Juice Shop. Identified SQL Injection, XSS, and access control flaws through manual testing. Recommended secure coding practices like input validation and prepared statements. Built hands-on skills in ethical hacking.