Category: WebSecurityAcademy
-
WebSecurityAcademy (PortSwigger) – API testing
Walk-through of the API testing labs on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – Web LLM attacks
Walk-through of the Web LLM attacks labs on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – NoSQL Injection
Walk-through of the NoSQL Injection vulnerabilities lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Race conditions
Walk-through of the Race conditions vulnerabilities lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – Testing GraphQL APIs
Walk-through of the Testing GraphQL APIs labs on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Prototype pollution
Walk-through of the Prototype pollution vulnerabilities lab on PortSwigger Web Security Academy. Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects.
-
WebSecurityAcademy (PortSwigger) – Server-side template injection
Walk-through of the Server-side template injection vulnerabilities lab on PortSwigger Web Security Academy. Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate web pages by combining fixed templates with volatile data.…
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Web cache poisoning
Walk-through of the Web cache poisoning vulnerabilities lab on PortSwigger Web Security Academy. Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – DOM-based vulnerabilities
Walk-through of the DOM-based vulnerabilities lab on PortSwigger Web Security Academy. DOM-based vulnerabilities arise when a website contains JavaScript that takes an attacker-controllable value, known as a source, and passes it into a dangerous function, known as a sink.
-
WebSecurityAcademy (PortSwigger) – Essential skills
Walk-through of the Essential skills lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – OAuth authentication
Walk-through of the OAuth authentication lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Insecure deserialization
Walk-through of the Insecure deserialization lab on PortSwigger Web Security Academy. See Exploiting insecure deserialization vulnerabilities.
-
WebSecurityAcademy (PortSwigger) – Business logic vulnerabilities
Walk-through of the Business logic vulnerabilities lab on PortSwigger Web Security Academy. See Examples of business logic vulnerabilities.
-
WebSecurityAcademy (PortSwigger) – Information disclosure
Walk-through of the Information disclosure lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – HTTP Host header attacks
Walk-through of the HTTP Host header attacks lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – Cross-origin resource sharing (CORS)
Walk-through of the Cross-origin resource sharing (CORS) lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – Authentication
Walk-through of the Authentication lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – Access control vulnerabilities
Walk-through of the Access control vulnerabilities lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – WebSockets
Walk-through of the WebSockets lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – Clickjacking
Walk-through of the Clickjacking lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – File upload vulnerabilities
Walk-through of the File upload vulnerabilities lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – JWT
Walk-through of JWT lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – OS command injection
Walk-through of the OS command injection lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – Directory Traversal
Walk-through of the Directory traversal (or File Path Traversal) lab on PortSwigger Web Security Academy. Directory traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Cross-site request forgery (CSRF)
Walk-through of Cross-site request forgery (CSRF) lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Cross-site scripting (XSS)
Walk-through of Cross-site scripting lab on PortSwigger Web Security Academy.
-
WebSecurityAcademy (PortSwigger) – SQL Injections
Walk-through of SQL injection lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – XML external entity (XXE) injection
Walk-through of the XML external entity (XXE) injection lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Server-side request forgery (SSRF)
Walk-through of the Server-side request forgery (SSRF) lab on PortSwigger Web Security Academy.
-
IN PROGRESS: WebSecurityAcademy (PortSwigger) – HTTP request smuggling
Walk-through of the HTTP request smuggling vulnerabilities lab on PortSwigger Web Security Academy.