YoVDO

Web Security Academy Learning Path

Offered By: PortSwigger via Independent

Tags

Bug Bounty Courses Penetration Testing Courses Burp Suite Courses SQL Injection Courses Web Application Security Courses Insecure Deserialization Courses

Course Description

Overview

The Web Security Academy is a free online training center for web application security. It includes content from PortSwigger's in-house research team, experienced academics, and Chief Swig Dafydd Stuttard.

Unlike a textbook, the Academy is constantly updated. It also includes interactive labs where you can put what you learn to the test. If you want to improve your knowledge of hacking, or you'd like to become a bug bounty hunter or pentester, you're in the right place.

 

Syllabus

Server-side topics

  1. SQL Injection
  2. Authentication
  3. Directory Traversal
  4. Command Injection
  5. Business Logic Vulnerabilities
  6. Information Disclosure
  7. Access Control
  8. File Upload Vulnerabilities
  9. Server-side Request Forgery (SSRF)
  10. XXE Injection

Client-side Topics

  1. Cross-site Scripting (XSS)
  2. Cross-site Request Forgery (CSRF)
  3. Cross-origin Resource Sharing (CORS
  4. ClickJacking
  5. DOM-based Vulnerabilities
  6. WebSockets

Advanced Topics

  1. Insecure deserialization
  2. Server-side Template Injection
  3. Web Cache Poisoning
  4. HTTP Host Header Attacks
  5. HTTP Request Smuggling
  6. OAuth Authentication
  7. JWT Attacks

Burp Suite Certified Practitioner

  1. Certification Exam

Related Courses

Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn An Introduction to OWASP Top 10 Vulnerabilities
Udemy Protecting Against XML External Entity and Deserialization Attacks in ASP.NET and ASP.NET Core
Pluralsight OWASP Top 10: #7 XSS and #8 Insecure Deserialization
LinkedIn Learning Previous OWASP Risks
Infosec via Coursera