Web Security Academy

Welcome to the Web Security Academy. This is a free learning resource on web security provided by PortSwigger.

Free web security training

The Web Security Academy contains free training on cybersecurity topics, including security vulnerabilities, techniques for finding and exploiting security flaws, and defensive measures for avoiding them.

The Web Security Academy contains high-quality learning materials, interactive vulnerability labs, and video tutorials. You can learn at your own pace, wherever and whenever suits you. Best of all, everything is free!

The team behind the Web Security Academy includes Dafydd Stuttard, author of The Web Application Hacker's Handbook.

View all learning materials

Web security training

Web security vulnerabilities

Get started with your learning and find out about the following web security vulnerabilities:

Web security video tutorials

Many of the topics are accompanied by high-quality web security tutorials in video form. Our web security training presenters explain each vulnerability clearly in a classroom style, with worked examples of different types of vulnerabilities, showing relevant code syntax and APIs where applicable.

Over time, we'll be adding more video tutorials to cover all of the web security topics featured in the training.

Web security video tutorial

Web security vulnerability labs

Web security vulnerability lab instructions and solution

The web security tutorials include a large number of interactive vulnerability labs. These contain real examples of web security vulnerabilities frequently encountered in the wild. You can safely and legally experiment with the web vulnerability labs to understand how each example works, and practice techniques for finding each vulnerability.

To access the vulnerability labs and track your progress, you'll just need to log in. Sign up if you don't have an account already.

What is web / cybersecurity?

Web security (also known as cybersecurity) is a broad subject matter that includes protecting web sites and related assets against cyber attacks, the process of testing web applications to uncover security vulnerabilities, and good practices for secure web development.

The best way to learn about cybersecurity is by studying actual web security vulnerabilities, to understand how they work, how to test for them, and how to defend against attacks. Our free web security training, with a wide range of concrete examples and web security tutorials, provides a perfect playground to learn about cybersecurity and related concepts.

Cybersecurity training

Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login