Moocable is learner-supported. When you buy through links on our site, we may earn an affiliate commission.
Information Security

Web Security Academy Learning Path

PortSwigger via Independent

Description

The Web Security Academy is a free online training center for web application security. It includes content from PortSwigger's in-house research team, experienced academics, and Chief Swig Dafydd Stuttard.

Unlike a textbook, the Academy is constantly updated. It also includes interactive labs where you can put what you learn to the test. If you want to improve your knowledge of hacking, or you'd like to become a bug bounty hunter or pentester, you're in the right place.

 

Tags
Microsoft Sentinel

Syllabus

Server-side topics

  1. SQL Injection
  2. Authentication
  3. Directory Traversal
  4. Command Injection
  5. Business Logic Vulnerabilities
  6. Information Disclosure
  7. Access Control
  8. File Upload Vulnerabilities
  9. Server-side Request Forgery (SSRF)
  10. XXE Injection

Client-side Topics

  1. Cross-site Scripting (XSS)
  2. Cross-site Request Forgery (CSRF)
  3. Cross-origin Resource Sharing (CORS
  4. ClickJacking
  5. DOM-based Vulnerabilities
  6. WebSockets

Advanced Topics

  1. Insecure deserialization
  2. Server-side Template Injection
  3. Web Cache Poisoning
  4. HTTP Host Header Attacks
  5. HTTP Request Smuggling
  6. OAuth Authentication
  7. JWT Attacks

Burp Suite Certified Practitioner

  1. Certification Exam

Start Learning Find study partner
Online Course
Information Security

Web Security Academy Learning Path

PortSwigger
Start Learning Find study partner
Affiliate notice

The Web Security Academy is a free online training center for web application security. It includes content from PortSwigger's in-house research team, experienced academics, and Chief Swig Dafydd Stuttard.

Unlike a textbook, the Academy is constantly updated. It also includes interactive labs where you can put what you learn to the test. If you want to improve your knowledge of hacking, or you'd like to become a bug bounty hunter or pentester, you're in the right place.

 

Server-side topics

  1. SQL Injection
  2. Authentication
  3. Directory Traversal
  4. Command Injection
  5. Business Logic Vulnerabilities
  6. Information Disclosure
  7. Access Control
  8. File Upload Vulnerabilities
  9. Server-side Request Forgery (SSRF)
  10. XXE Injection

Client-side Topics

  1. Cross-site Scripting (XSS)
  2. Cross-site Request Forgery (CSRF)
  3. Cross-origin Resource Sharing (CORS
  4. ClickJacking
  5. DOM-based Vulnerabilities
  6. WebSockets

Advanced Topics

  1. Insecure deserialization
  2. Server-side Template Injection
  3. Web Cache Poisoning
  4. HTTP Host Header Attacks
  5. HTTP Request Smuggling
  6. OAuth Authentication
  7. JWT Attacks

Burp Suite Certified Practitioner

  1. Certification Exam

Tags

Microsoft Sentinel

Quick Links

Browse by subject

Browse by provider

Browse by university

Browse by publisher

Browse by institution

Roadmaps

Posts