Web Security Academy Series Course
Introduction
Introduction to the Web Security Academy Series (11:52)
Join the Discord Channel
SQL Injection
SQL Injection | Complete Guide (71:35)
Lab #1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data (29:06)
Lab #2 SQL injection vulnerability allowing login bypass (33:17)
Lab #3 SQLi UNION attack determining the number of columns returned by the query (33:59)
Lab #4 SQL injection UNION attack, finding a column containing text (29:08)
Lab #5 SQL injection UNION attack, retrieving data from other tables (24:45)
Lab #6 SQL injection UNION attack, retrieving multiple values in a single column (29:24)
Lab #7 SQL injection attack, querying the database type and version on Oracle (26:50)
Lab #8 SQLi attack, querying the database type and version on MySQL & Microsoft (22:16)
Lab #9 SQL injection attack, listing the database contents on non-Oracle databases (45:18)
Lab #10 SQL injection attack, listing the database contents on Oracle (40:24)
Lab #11 Blind SQL injection with conditional responses (48:38)
Lab #12 Blind SQL injection with conditional errors (44:58)
Lab #13 Blind SQL injection with time delays (19:08)
Lab #14 Blind SQL injection with time delays and information retrieval (35:37)
Lab #15 Blind SQL injection with out-of-band interaction (10:19)
Lab #16 Blind SQL injection with out-of-band data exfiltration (8:17)
Lab #17 SQL injection with filter bypass via XML encoding (7:14)
Authentication Vulnerabilities
Authentication Vulnerabilities | Complete Guide (29:35)
Lab #1 Username enumeration via different responses (6:02)
Lab #2 2FA simple bypass (11:46)
Lab #3 Password reset broken logic (13:10)
Lab #4 Username enumeration via subtly different responses (9:23)
Lab #5 Username enumeration via response timing (13:58)
Lab #6 Broken brute-force protection, IP block (14:20)
Lab #7 Username enumeration via account lock (9:41)
Lab #8 2FA broken logic (9:36)
Lab #9 Brute-forcing a stay-logged-in cookie (17:13)
Directory Traversal
Directory Traversal | Complete Guide (21:05)
Lab #1 File path traversal, simple case (13:58)
Lab #2 File path traversal, traversal sequences blocked with absolute path bypass (10:55)
Lab #3 File path traversal, traversal sequences stripped non-recursively (14:26)
Lab #4 File path traversal, traversal sequences stripped with superfluous URL-decode (12:19)
Lab #5 File path traversal, validation of start of path (10:28)
Lab #6 File path traversal, validation of file extension with null byte bypass (9:54)
OS Command Injection
Command Injection | Complete Guide (29:58)
Lab #1 OS command injection, simple case (18:03)
Lab #2 Blind OS command injection with time delays (19:32)
Lab #3 Blind OS command injection with output redirection (25:51)
Lab #4 Blind OS command injection with out-of-band interaction (6:35)
Lab #5 Blind OS command injection with out-of-band data exfiltration (7:33)
Access Control Vulnerabilities
Broken Access Control | Complete Guide (38:05)
Lab #1 Unprotected admin functionality (15:06)
Lab #2 Unprotected admin functionality with unpredictable URL (22:56)
Lab #3 User role controlled by request parameter (23:42)
Lab #4 User role can be modified in user profile (21:39)
Lab #5 URL-based access control can be circumvented (15:23)
Lab #6 Method-based access control can be circumvented (17:23)
Lab #7 User ID controlled by request parameter (21:24)
Lab #8 User ID controlled by request parameter, with unpredictable user IDs (29:18)
Lab #9 User ID controlled by request parameter with data leakage in redirect (21:36)
Lab #10 User ID controlled by request parameter with password disclosure (27:13)
Lab #11 Insecure direct object references (22:44)
Lab #12 Multi-step process with no access control on one step (16:25)
Lab #13 Referer-based access control (14:15)
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) | Complete Guide (45:31)
Lab #1 Basic SSRF against the local server (21:31)
Lab #2 Basic SSRF against another back-end system (26:53)
Lab #3 SSRF with blacklist-based input filter (20:08)
Lab #4 SSRF with whitelist-based input filter (21:04)
Lab #5 SSRF with filter bypass via open redirection vulnerability (18:36)
Lab #6 Blind SSRF with out-of-band detection (6:01)
Lab #7 Blind SSRF with Shellshock exploitation (12:41)
Cross-Site Scripting (XSS)
Cross-Site Scripting | Complete Guide
Lab #1 Stored XSS into HTML context with nothing encoded (6:28)
Lab #2 Stored XSS into anchor href attribute with double quotes HTML-encoded (11:28)
Lab #3 Exploiting cross-site scripting to steal cookies (11:14)
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) | Complete Guide (47:02)
Lab #1 CSRF vulnerability with no defenses (22:22)
Lab #2 CSRF where token validation depends on request method (20:33)
Lab #3 CSRF where token validation depends on token being present (14:29)
Lab #4 CSRF where token is not tied to user session (18:01)
Lab #5 CSRF where token is tied to non-session cookie (27:06)
Lab #6 CSRF where token is duplicated in cookie (20:36)
Lab #7 CSRF where Referer validation depends on header being present (19:32)
Lab #8 CSRF with broken Referer validation (17:59)
Cross-origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) | Complete Guide (50:49)
Lab #1 CORS vulnerability with basic origin reflection (15:13)
Lab #2 CORS vulnerability with trusted null origin (19:08)
Lab #3 CORS vulnerability with trusted insecure protocols (23:32)
Lab #4 CORS vulnerability with internal network pivot attack (35:21)
What's Next?
Upcoming Videos