A hands-on repository documenting my journey through the PortSwigger Web Security Academy as part of my preparation for the Burp Suite Certified Practitioner (BSCP) exam. Includes exploit automation and tooling written in Golang.

This repository serves as both a learning journal and a technical portfolio as I work through labs and topics from the PortSwigger Web Security Academy. My aim is to:
- Deepen my understanding of web security vulnerabilities through practical, hands-on labs.
- Automate attacks and solutions using Golang to sharpen both my programming and offensive security skills.
- Build a toolkit of reusable scripts and functions for bug bounty.
- Log my progress and insights for each module to track readiness for the Burp Suite Certified Practitioner (BSCP) exam.

| Topic | Apprentice | Practitioner | Expert | Total Labs |
|---|---|---|---|---|
| SQL Injection | 2/2 | 8/16 | - | 10/18 |
| Authentication | 1/3 | 0/9 | 0/2 | 1/14 |
| Path Traversal | 1/1 | 1/5 | - | 2/6 |
| Command Injection | 1/1 | 0/4 | - | 1/5 |
| Business Logic Vulnerabilities | 0/4 | 0/7 | 0/1 | 0/12 |
| Information Disclosure | 0/4 | 0/1 | - | 0/5 |
| Access Control | 0/9 | 0/4 | - | 0/13 |
| File Upload Vulnerabilities | 0/2 | 0/4 | 0/1 | 0/7 |
| Race Conditions | 0/1 | 0/4 | 0/1 | 0/6 |
| Server-Side Request Forgery (SSRF) | 1/2 | 1/3 | 0/2 | 2/7 |
| XXE Injection | 0/2 | 0/6 | 0/1 | 0/9 |
| NoSQL Injection | 0/2 | 0/2 | - | 0/4 |
| API Testing | 0/1 | 0/3 | 0/1 | 0/5 |
| Web Cache Deception | 0/1 | 0/3 | 0/1 | 0/5 |

| Topic | Apprentice | Practitioner | Expert | Total Labs |
|---|---|---|---|---|
| Cross-Site Scripting (XSS) | 3/9 | 1/15 | 0/6 | 4/30 |
| Cross-Site Request Forgery (CSRF) | 1/1 | 1/11 | - | 2/12 |
| Cross-Origin Resource Sharing (CORS) | 0/2 | 0/1 | - | 0/3 |
| Clickjacking | 0/3 | 0/2 | - | 0/5 |
| DOM-Based Vulnerabilities | - | 0/5 | 0/2 | 0/7 |
| WebSockets | 0/1 | 0/2 | - | 0/3 |

| Topic | Apprentice | Practitioner | Expert | Total Labs |
|---|---|---|---|---|
| Insecure Deserialization | 0/1 | 0/6 | 0/3 | 0/10 |
| Web LLM Attacks | 0/1 | 0/2 | 0/1 | 0/4 |
| GraphQL API Vulnerabilities | 0/1 | 0/4 | - | 0/5 |
| Server-Side Template Injection | - | 5/5 | 0/2 | 0/7 |
| Web Cache Poisoning | - | 0/9 | 0/4 | 0/13 |
| HTTP Host Header Attacks | 0/2 | 0/4 | 0/1 | 0/7 |
| HTTP Request Smuggling | - | 0/15 | 0/6 | 0/21 |
| OAuth Authentication | 0/1 | 0/4 | 0/1 | 0/6 |
| JWT Attacks | 0/2 | 0/4 | 0/2 | 0/8 |
| Prototype Pollution | - | 0/9 | 0/1 | 0/10 |
| Essential Skills | - | 0/2 | - | 0/2 |
