All learning materials

See detailed view

Web Security Academy Learning Paths
Race conditions
GraphQL API vulnerabilities
	What is GraphQL?
All topics
Put your recon skills to the test
Getting started with the Web Security Academy
What is prototype pollution?
	JavaScript prototypes and inheritance
	Client-side prototype pollution vulnerabilities
		Prototype pollution via browser APIs
	Server-side prototype pollution
	Preventing prototype pollution vulnerabilities
Essential skills
	Obfuscating attacks using encodings
	Using Burp Scanner during manual testing
SQL injection
	Examining the database in SQL injection attacks
	SQL injection UNION attacks
	Blind SQL injection
	SQL injection cheat sheet
Cross-site scripting
	Reflected XSS
	Stored XSS
	DOM-based XSS
	Cross-site scripting contexts
		Client-side template injection
	Exploiting cross-site scripting vulnerabilities
	Dangling markup injection
	Content security policy
	How to prevent XSS
	Cross-site scripting (XSS) cheat sheet
Cross-site request forgery (CSRF)
	XSS vs CSRF
	Bypassing CSRF token validation
	Bypassing SameSite cookie restrictions
	Bypassing Referer-based CSRF defenses
	How to prevent CSRF vulnerabilities
XML external entity (XXE) injection
	XML entities
	Finding and exploiting blind XXE vulnerabilities
Clickjacking (UI redressing)
Cross-origin resource sharing (CORS)
	Same-origin policy (SOP)
	CORS and the Access-Control-Allow-Origin response header
Server-side request forgery (SSRF)
	Blind SSRF vulnerabilities
HTTP request smuggling
	Finding HTTP request smuggling vulnerabilities
	Exploiting HTTP request smuggling vulnerabilities
	Advanced request smuggling
		HTTP/2-exclusive vectors
		Response queue poisoning
		HTTP request tunnelling
		HTTP/2 downgrading
	Browser-powered request smuggling
		CL.0 request smuggling
		Client-side desync attacks
		Pause-based desync attacks
OS command injection
Server-side template injection
	Exploiting server-side template injection vulnerabilities
Insecure deserialization
	Exploiting insecure deserialization vulnerabilities
Path traversal
Access control vulnerabilities and privilege escalation
	Insecure direct object references (IDOR)
	Access control security models
Authentication vulnerabilities
	Vulnerabilities in password-based login
	Vulnerabilities in multi-factor authentication
	Vulnerabilities in other authentication mechanisms
	How to secure your authentication mechanisms
	Authentication lab usernames
	Authentication lab passwords
OAuth 2.0 authentication vulnerabilities
	OAuth grant types
	OpenID Connect
	How to prevent OAuth authentication vulnerabilities
Business logic vulnerabilities
	Examples of business logic vulnerabilities
Testing for WebSockets security vulnerabilities
	What are WebSockets?
	Cross-site WebSocket hijacking
DOM-based vulnerabilities
	Controlling the web message source
	DOM-based open redirection
	DOM-based cookie manipulation
	DOM-based JavaScript injection
	DOM-based document-domain manipulation
	DOM-based WebSocket-URL poisoning
	DOM-based link manipulation
	Web message manipulation
	DOM-based Ajax request-header manipulation
	DOM-based local file-path manipulation
	DOM-based client-side SQL injection
	DOM-based HTML5-storage manipulation
	DOM-based client-side XPath injection
	DOM-based client-side JSON injection
	DOM-data manipulation
	DOM-based denial of service
	DOM clobbering
Web cache poisoning
	Exploiting cache design flaws
	Exploiting cache implementation flaws
HTTP Host header attacks
	How to identify and exploit HTTP Host header vulnerabilities
		Password reset poisoning
Information disclosure vulnerabilities
	How to find and exploit information disclosure vulnerabilities
File upload vulnerabilities
JWT attacks
	Algorithm confusion attacks
Guidelines for submitting video solutions
Who is behind the Web Security Academy?
Welcome back!

Want to track your progress and have a more personalized learning experience? (It's free!)

All learning materials

Find vulnerabilities using Burp Suite