Web Security Academy Learning Path
Offered By: PortSwigger via Independent
Course Description
Overview
The Web Security Academy is a free online training center for web application security. It includes content from PortSwigger's in-house research team, experienced academics, and Chief Swig Dafydd Stuttard.
Unlike a textbook, the Academy is constantly updated. It also includes interactive labs where you can put what you learn to the test. If you want to improve your knowledge of hacking, or you'd like to become a bug bounty hunter or pentester, you're in the right place.
Syllabus
Server-side topics
- SQL Injection
- Authentication
- Directory Traversal
- Command Injection
- Business Logic Vulnerabilities
- Information Disclosure
- Access Control
- File Upload Vulnerabilities
- Server-side Request Forgery (SSRF)
- XXE Injection
Client-side Topics
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- Cross-origin Resource Sharing (CORS
- ClickJacking
- DOM-based Vulnerabilities
- WebSockets
Advanced Topics
- Insecure deserialization
- Server-side Template Injection
- Web Cache Poisoning
- HTTP Host Header Attacks
- HTTP Request Smuggling
- OAuth Authentication
- JWT Attacks
Burp Suite Certified Practitioner
- Certification Exam
Related Courses
Authentication & Authorization: OAuthUdacity Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera Web Application Development: Security
University of New Mexico via Coursera Hacking and Patching
University of Colorado System via Coursera Fundamentals of Computer Network Security
University of Colorado System via Coursera