A total of over 1,000,00 views on Youtube and over a 1,000 students registered on the Academy!
This course is based on a Youtube series called the Web Security Academy Series. This series aims to be a one stop course for not only learning how to hack web applications, but also learning how to automate your exploits using Python3 and gaining an understanding of how to mitigate vulnerabilities to defend web applications against real world attacks!
The course uses a mixture of both theory and practice. The theory component covers the background knowledge that is required in order to gain an advanced understanding of the technical details behind a specific vulnerability class. The practical component makes use of PortSwigger's Web Security Academy labs to get real world hands on experience in hacking applications. As can be seen in the course curriculum, we aim for in depth advanced understanding of each vulnerability class. The SQL Injection module alone is over 9 hours long! The course will be constantly updated until all modules in the Web Security Academy are completed.
Course Curriculum - 30+ Hours
- SQL Injection | Complete Guide (71:35)
- Lab #1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data (29:06)
- Lab #2 SQL injection vulnerability allowing login bypass (33:17)
- Lab #3 SQLi UNION attack determining the number of columns returned by the query (33:59)
- Lab #4 SQL injection UNION attack, finding a column containing text (29:08)
- Lab #5 SQL injection UNION attack, retrieving data from other tables (24:45)
- Lab #6 SQL injection UNION attack, retrieving multiple values in a single column (29:24)
- Lab #7 SQL injection attack, querying the database type and version on Oracle (26:50)
- Lab #8 SQLi attack, querying the database type and version on MySQL & Microsoft (22:16)
- Lab #9 SQL injection attack, listing the database contents on non Oracle databases (45:18)
- Lab #10 SQL injection attack, listing the database contents on Oracle (40:24)
- Lab #11 Blind SQL injection with conditional responses (48:38)
- Lab #12 Blind SQL injection with conditional errors (44:58)
- Lab #13 Blind SQL injection with time delays (19:08)
- Lab #14 Blind SQL injection with time delays and information retrieval (35:37)
- Lab #15 Blind SQL injection with out-of-band interaction (10:19)
- Lab #16 Blind SQL injection with out of band data exfiltration (8:17)
- Lab #17 SQL injection with filter bypass via XML encoding (7:14)
- Authentication Vulnerabilities | Complete Guide (29:35)
- Lab #1 Username enumeration via different responses (6:02)
- Lab #2 2FA simple bypass (11:46)
- Lab #3 Password reset broken logic (13:10)
- Lab #4 Username enumeration via subtly different responses (9:23)
- Lab #5 Username enumeration via response timing (13:58)
- Lab #6 Broken brute-force protection, IP block (14:20)
- Lab #7 Username enumeration via account lock (9:41)
- Lab #8 2FA broken logic (9:36)
- Lab #9 Brute-forcing a stay-logged-in cookie (17:13)
- Directory Traversal | Complete Guide (21:05)
- Lab #1 File path traversal, simple case (13:58)
- Lab #2 File path traversal, traversal sequences blocked with absolute path bypass (10:55)
- Lab #3 File path traversal, traversal sequences stripped non-recursively (14:26)
- Lab #4 File path traversal, traversal sequences stripped with superfluous URL-decode (12:19)
- Lab #5 File path traversal, validation of start of path (10:28)
- Lab #6 File path traversal, validation of file extension with null byte bypass (9:54)
- Command Injection | Complete Guide (29:58)
- Lab #1 OS command injection, simple case (18:03)
- Lab #2 Blind OS command injection with time delays (19:32)
- Lab #3 Blind OS command injection with output redirection (25:51)
- Lab #4 Blind OS command injection with out-of-band interaction (6:35)
- Lab #5 Blind OS command injection with out-of-band data exfiltration (7:33)
- Broken Access Control | Complete Guide (38:05)
- Lab #1 Unprotected admin functionality (15:06)
- Lab #2 Unprotected admin functionality with unpredictable URL (22:56)
- Lab #3 User role controlled by request parameter (23:42)
- Lab #4 User role can be modified in user profile (21:39)
- Lab #5 URL-based access control can be circumvented (15:23)
- Lab #6 Method-based access control can be circumvented (17:23)
- Lab #7 User ID controlled by request parameter (21:24)
- Lab #8 User ID controlled by request parameter, with unpredictable user IDs (29:18)
- Lab #9 User ID controlled by request parameter with data leakage in redirect (21:36)
- Lab #10 User ID controlled by request parameter with password disclosure (27:13)
- Lab #11 Insecure direct object references (22:44)
- Lab #12 Multi-step process with no access control on one step (16:25)
- Lab #13 Referer-based access control (14:15)
- Server-Side Request Forgery (SSRF) | Complete Guide (45:31)
- Lab #1 Basic SSRF against the local server (21:31)
- Lab #2 Basic SSRF against another back-end system (26:53)
- Lab #3 SSRF with blacklist-based input filter (20:08)
- Lab #4 SSRF with whitelist-based input filter (21:04)
- Lab #5 SSRF with filter bypass via open redirection vulnerability (18:36)
- Lab #6 Blind SSRF with out-of-band detection (6:01)
- Lab #7 Blind SSRF with Shellshock exploitation (12:41)
- Cross-Site Request Forgery (CSRF) | Complete Guide (47:02)
- Lab #1 CSRF vulnerability with no defenses (22:22)
- Lab #2 CSRF where token validation depends on request method (20:33)
- Lab #3 CSRF where token validation depends on token being present (14:29)
- Lab #4 CSRF where token is not tied to user session (18:01)
- Lab #5 CSRF where token is tied to non-session cookie (27:06)
- Lab #6 CSRF where token is duplicated in cookie (20:36)
- Lab #7 CSRF where Referer validation depends on header being present (19:32)
- Lab #8 CSRF with broken Referer validation (17:59)
- Cross-Origin Resource Sharing (CORS) | Complete Guide (50:49)
- Lab #1 CORS vulnerability with basic origin reflection (15:13)
- Lab #2 CORS vulnerability with trusted null origin (19:08)
- Lab #3 CORS vulnerability with trusted insecure protocols (23:32)
- Lab #4 CORS vulnerability with internal network pivot attack (35:21)
"Absolutely amazing and detailed videos that break down what is going on and take you through the exploitation process. As well as the methodology for testing and how to automate the process afterwards, which is great if you are also wanting to learn some python on the side. All while delivering it in an easy to follow and easy to understand way."
"This is great work, I like your explanation on these topics and the way you present them really sits well with the way I learn. Thanks for taking the time to put this together, it is really appreciated."
"Your videos are really helpful for a beginner like me. With your step by step explanation approach, I am able to understand the topics and gained confidence towards more learning. Thank you for that."
Education Should Be a Right, Not a Privilege
We believe in making education affordable to everyone, so although this course is offered as a paid course, all the lectures will eventually be made free on Youtube. This ensures that anyone who can't afford the cost of the course has as much of an opportunity to learn as someone who can afford the course.
That being said, if you do register to the course, you will have access to the following extra perks:
- Gain early access to recorded material.
- Gain access to a discord channel where you could ask questions and collaborate with like-minded individuals.
- No longer have to deal with Youtube ads / sponsor messages.
- Support me and make a difference. Any revenue generated from this course will be go back into maintaining the academy and creating more videos that will be made available for free on my Youtube channel.