Category: WebSecurityAcademy

WebSecurityAcademy (PortSwigger) – API testing

Walk-through of the API testing labs on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – Web LLM attacks

Walk-through of the Web LLM attacks labs on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – NoSQL Injection

Walk-through of the NoSQL Injection vulnerabilities lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Race conditions

Walk-through of the Race conditions vulnerabilities lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – Testing GraphQL APIs

Walk-through of the Testing GraphQL APIs labs on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Prototype pollution

Walk-through of the Prototype pollution vulnerabilities lab on PortSwigger Web Security Academy. Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects.
WebSecurityAcademy (PortSwigger) – Server-side template injection

Walk-through of the Server-side template injection vulnerabilities lab on PortSwigger Web Security Academy. Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate web pages by combining fixed templates with volatile data.…
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Web cache poisoning

Walk-through of the Web cache poisoning vulnerabilities lab on PortSwigger Web Security Academy. Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – DOM-based vulnerabilities

Walk-through of the DOM-based vulnerabilities lab on PortSwigger Web Security Academy. DOM-based vulnerabilities arise when a website contains JavaScript that takes an attacker-controllable value, known as a source, and passes it into a dangerous function, known as a sink.
WebSecurityAcademy (PortSwigger) – Essential skills

Walk-through of the Essential skills lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – OAuth authentication

Walk-through of the OAuth authentication lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Insecure deserialization

Walk-through of the Insecure deserialization lab on PortSwigger Web Security Academy. See Exploiting insecure deserialization vulnerabilities.
WebSecurityAcademy (PortSwigger) – Business logic vulnerabilities

Walk-through of the Business logic vulnerabilities lab on PortSwigger Web Security Academy. See Examples of business logic vulnerabilities.
WebSecurityAcademy (PortSwigger) – Information disclosure

Walk-through of the Information disclosure lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – HTTP Host header attacks

Walk-through of the HTTP Host header attacks lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – Cross-origin resource sharing (CORS)

Walk-through of the Cross-origin resource sharing (CORS) lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – Authentication

Walk-through of the Authentication lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – Access control vulnerabilities

Walk-through of the Access control vulnerabilities lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – WebSockets

Walk-through of the WebSockets lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – Clickjacking

Walk-through of the Clickjacking lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – File upload vulnerabilities

Walk-through of the File upload vulnerabilities lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – JWT

Walk-through of JWT lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – OS command injection

Walk-through of the OS command injection lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – Directory Traversal

Walk-through of the Directory traversal (or File Path Traversal) lab on PortSwigger Web Security Academy. Directory traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Cross-site request forgery (CSRF)

Walk-through of Cross-site request forgery (CSRF) lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Cross-site scripting (XSS)

Walk-through of Cross-site scripting lab on PortSwigger Web Security Academy.
WebSecurityAcademy (PortSwigger) – SQL Injections

Walk-through of SQL injection lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – XML external entity (XXE) injection

Walk-through of the XML external entity (XXE) injection lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – Server-side request forgery (SSRF)

Walk-through of the Server-side request forgery (SSRF) lab on PortSwigger Web Security Academy.
IN PROGRESS: WebSecurityAcademy (PortSwigger) – HTTP request smuggling

Walk-through of the HTTP request smuggling vulnerabilities lab on PortSwigger Web Security Academy.