Home
"You'll need to understand every lesson there, and to complete every lab -
and by completing, I also mean that you'll need to understand the answers, not
just look at the answers to pass to the next one.
Then you're done, you're technically skilled enough, but you still lack some
practice. We're running Hacker101, a CTF that gives you some realistic
experience of bug bounty, but where you know for sure that there are some
vulnerabilities. HackTheBox is also a great resource to learn some deep and
advanced ways to exploit vulnerabilities on real environments."
- Blaklis, AWC24 #guidance discord.
Tip
If for whatever reason you want to expand all the collapsed sections, paste the command below in the Developer Console.
document.querySelectorAll('details').forEach(detail => detail.open = true);
Solutions for PortSwigger's Web Security Academy using mitmproxy and other CLI tools instead of Burp Suite
Server-side topics:
- SQL injection
- Authentication
- File path traversal
- OS command injection
- Business logic vulnerabilities
- Information disclosure
- Access control vulnerabilities
- File upload vulnerabilities
- Race conditions
- Server-side request forgery (SSRF)
- XML external entity (XXE) injection
- NoSQL injection
- API testing
Client-side topics:
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-origin resource sharing (CORS)
- Clickjacking
- DOM-based vulnerabilities
- WebSockets
Advanced topics: