Get involved in the Burp challenge for opportunities to test your skills and win swag  –   Challenge me
  1. Web Security Academy
  2. All labs

All labs

Mystery lab challenge

Try solving a random lab with the title and description hidden. As you'll have no prior knowledge of the type of vulnerability that you need to find and exploit, this is great for practicing recon and analysis.

Take me to the mystery lab challenge

SQL injection

Cross-site scripting

Cross-site request forgery (CSRF)

Clickjacking

DOM-based vulnerabilities

Cross-origin resource sharing (CORS)

XML external entity (XXE) injection

Server-side request forgery (SSRF)

HTTP request smuggling

OS command injection

Server-side template injection

Directory traversal

Access control vulnerabilities

Authentication

WebSockets

Web cache poisoning

Insecure deserialization

Information disclosure

Business logic vulnerabilities

HTTP Host header attacks

OAuth authentication

File upload vulnerabilities

JWT

Essential skills

Prototype pollution