1. Web Security Academy
  2. Credits

Who is behind the Web Security Academy?

The Web Security Academy is primarily maintained by a small team at PortSwigger, the makers of Burp Suite.

The core content was originally created by PortSwigger founder, Dafydd Stuttard. Rather than publish a third edition of the Web Application Hacker's Handbook, which he co-authored with his former colleague, Marcus Pinto, Daf decided to create a completely free, interactive, online learning platform.

Since then, we've regularly updated the Academy to keep up with the latest developments and discoveries from the rapidly evolving world of web security. This includes creating new content and deliberately vulnerable labs to help you learn about the cutting-edge techniques pioneered by our world-renowned research team.

Community contributions

We're delighted to have such an enthusiastic community of users consisting of both experienced web security professionals and novice users who are just learning the fundamentals.

We'd like to thank the following Academy users, who have all created video walkthroughs and explanations for some of our labs:

Rana Khalil, Michael Sommer, Z3nsh3ll, Intigriti, Emanuele Picariello, nu11 security, Garr_7

If you're interested in contributing your own videos, check out our video submission guidelines for details on how to do this.

Inspiration from the community

Our team are constantly on the lookout for cool new research and novel techniques. It's impossible to credit everyone, but we'd like to thank the following members of the web security community for sharing their findings, which we've integrated into our learning materials and labs:

Orange Tsai, Mikhail Klyuchnikov, PTSwarm, Szymon Drosdzol

Note that we've received so many great contributions to our Cross-site scripting (XSS) cheat sheet that we maintain a separate credit list.