All learning materials

See detailed view

Web Security Academy Learning Paths
Race conditions
GraphQL API vulnerabilities
     What is GraphQL?
All topics
Put your recon skills to the test
Getting started with the Web Security Academy
What is prototype pollution?
     JavaScript prototypes and inheritance
     Client-side prototype pollution vulnerabilities
          Prototype pollution via browser APIs
     Server-side prototype pollution
     Preventing prototype pollution vulnerabilities
Essential skills
     Obfuscating attacks using encodings
     Using Burp Scanner during manual testing
SQL injection
     Examining the database in SQL injection attacks
     SQL injection UNION attacks
     Blind SQL injection
     SQL injection cheat sheet
Cross-site scripting
     Reflected XSS
     Stored XSS
     DOM-based XSS
     Cross-site scripting contexts
          Client-side template injection
     Exploiting cross-site scripting vulnerabilities
     Dangling markup injection
     Content security policy
     How to prevent XSS
     Cross-site scripting (XSS) cheat sheet
Cross-site request forgery (CSRF)
     XSS vs CSRF
     Bypassing CSRF token validation
     Bypassing SameSite cookie restrictions
     Bypassing Referer-based CSRF defenses
     How to prevent CSRF vulnerabilities
XML external entity (XXE) injection
     XML entities
     Finding and exploiting blind XXE vulnerabilities
Clickjacking (UI redressing)
Cross-origin resource sharing (CORS)
     Same-origin policy (SOP)
     CORS and the Access-Control-Allow-Origin response header
Server-side request forgery (SSRF)
     Blind SSRF vulnerabilities
HTTP request smuggling
     Finding HTTP request smuggling vulnerabilities
     Exploiting HTTP request smuggling vulnerabilities
     Advanced request smuggling
          HTTP/2-exclusive vectors
          Response queue poisoning
          HTTP request tunnelling
          HTTP/2 downgrading
     Browser-powered request smuggling
          CL.0 request smuggling
          Client-side desync attacks
          Pause-based desync attacks
OS command injection
Server-side template injection
     Exploiting server-side template injection vulnerabilities
Insecure deserialization
     Exploiting insecure deserialization vulnerabilities
Path traversal
Access control vulnerabilities and privilege escalation
     Insecure direct object references (IDOR)
     Access control security models
Authentication vulnerabilities
     Vulnerabilities in password-based login
     Vulnerabilities in multi-factor authentication
     Vulnerabilities in other authentication mechanisms
     How to secure your authentication mechanisms
     Authentication lab usernames
     Authentication lab passwords
OAuth 2.0 authentication vulnerabilities
     OAuth grant types
     OpenID Connect
     How to prevent OAuth authentication vulnerabilities
Business logic vulnerabilities
     Examples of business logic vulnerabilities
Testing for WebSockets security vulnerabilities
     What are WebSockets?
     Cross-site WebSocket hijacking
DOM-based vulnerabilities
     Controlling the web message source
     DOM-based open redirection
     DOM-based cookie manipulation
     DOM-based JavaScript injection
     DOM-based document-domain manipulation
     DOM-based WebSocket-URL poisoning
     DOM-based link manipulation
     Web message manipulation
     DOM-based Ajax request-header manipulation
     DOM-based local file-path manipulation
     DOM-based client-side SQL injection
     DOM-based HTML5-storage manipulation
     DOM-based client-side XPath injection
     DOM-based client-side JSON injection
     DOM-data manipulation
     DOM-based denial of service
     DOM clobbering
Web cache poisoning
     Exploiting cache design flaws
     Exploiting cache implementation flaws
HTTP Host header attacks
     How to identify and exploit HTTP Host header vulnerabilities
          Password reset poisoning
Information disclosure vulnerabilities
     How to find and exploit information disclosure vulnerabilities
File upload vulnerabilities
JWT attacks
     Algorithm confusion attacks
Guidelines for submitting video solutions
Who is behind the Web Security Academy?
Welcome back!