Skip to content

raj-71/portswigger-notes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
1. SQL injection
1. SQL injection
 
 
12. NoSQL Injection
12. NoSQL Injection
 
 
13. API Testing
13. API Testing
 
 
16. Cross-Site Request Forgery (CSRF)
16. Cross-Site Request Forgery (CSRF)
 
 
17. Cross-origin resource sharing (CORS)
17. Cross-origin resource sharing (CORS)
 
 
18. Clickjacking/1. Basic clickjacking with CSRF token protection/img
18. Clickjacking/1. Basic clickjacking with CSRF token protection/img
 
 
2. Authentication
2. Authentication
 
 
20. WebSockets
20. WebSockets
 
 
27. HTTP Request Smuggling
27. HTTP Request Smuggling
 
 
29. JWT Attacks
29. JWT Attacks
 
 
3. Path traversal
3. Path traversal
 
 
4. OS Command Injection
4. OS Command Injection
 
 
5. Business Logic Vulnerabilities
5. Business Logic Vulnerabilities
 
 
6. Information Disclosure
6. Information Disclosure
 
 
7. Access Control
7. Access Control
 
 
readme.md
readme.md
 
 

Repository files navigation

Write-up PortSwigger Web Security Academy

Status

ID Topic Apprentice Practitioner Expert
Server-side topics
01 SQL injection ✔️ 2/2 ✔️ 16/16 -
02 Authentication ✔️ 3/3 ✔️ 9/9 ✔️ 2/2
03 Path traversal ✔️ 1/1 ✔️ 5/5 -
04 OS Command injection ✔️ 1/1 ✔️ 4/4 -
05 Business logic vulnerabilities ✔️ 4/4 ✔️ 7/7 ✔️ 1/1
06 Information disclosure ✔️ 4/4 ✔️ 1/1 -
07 Access control ✔️ 9/9 ✔️ 4/4 -
08 File upload vulnerabilities ✖️ 0/2 ✖️ 0/4 ✖️ 0/1
09 Race conditions ✖️ 0/1 ✖️ 0/4 ✖️ 0/1
10 Server-side request forgery (SSRF) ✖️ 0/2 ✖️ 0/3 ✖️ 0/2
11 XXE injection ✖️ 0/2 ✖️ 0/6 ✖️ 0/1
12 NoSQL Injection ✔️ 2/2 ✔️ 2/2 -
13 API Testing ✔️ 1/1 ✔️ 3/3 ✔️ 1/1
14 Web cache deception ✖️ 0/1 ✖️ 0/3 ✖️ 0/1
Client-side topics
15 Cross-site scripting (XSS) ✖️ 0/9 ✖️ 0/15 ✖️ 0/6
16 Cross-site request forgery (CSRF) ✔️ 1/1 ✔️ 11/11 -
17 Cross-origin resource sharing (CORS) ✔️ 2/2 ✔️ 1/1 -
18 Clickjacking ✖️ 0/3 ✖️ 0/2 -
19 DOM-based vulnerabilities - ✖️ 0/5 ✖️ 0/2
20 WebSockets ✔️ 1/1 ✔️ 2/2 -
Advanced topics
21 Insecure deserialization ✖️ 0/1 ✖️ 0/6 ✖️ 0/3
22 Web LLM attacks ✖️ 0/1 ✖️ 0/2 ✖️ 0/1
23 GraphQL API vulnerabilities ✖️ 0/1 ✖️ 0/4 -
24 Server-side template injection - ✖️ 0/5 ✖️ 0/2
25 Web cache poisoning - ✖️ 0/9 ✖️ 0/4
26 HTTP Host header attacks ✖️ 0/2 ✖️ 0/4 ✖️ 0/1
27 HTTP request smuggling - ✖️ 0/15 ✖️ 0/7
28 OAuth authentication ✖️ 0/1 ✖️ 0/4 ✖️ 0/1
29 JWT attacks ✔️ 2/2 ✔️ 4/4 ✖️ 0/2
30 Prototype pollution - ✖️ 0/9 ✖️ 0/1
31 Essential skills - ✖️ 0/2 -

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published