Web Security Academy:~
The Web Security Academy is an online platform that focuses on teaching web application security. It provides interactive labs, tutorials, and challenges to help users learn about vulnerabilities such as cross-site scripting (XSS), SQL injection, and more. It’s designed for both beginners and advanced users interested in understanding and mitigating security risks specific to web applications.
It offers:~
The Web Security Academy offers a range of resources and benefits focused on web application security:
- Interactive Labs: Provides hands-on experience with simulated web application environments to practice identifying and exploiting security vulnerabilities.
- Tutorials and Guides: Offers comprehensive tutorials and guides that explain various web security concepts, vulnerabilities (e.g., XSS, SQL injection), and mitigation techniques.
- Real-World Scenarios: Simulates real-world attack scenarios to help users understand how vulnerabilities can be exploited and how to defend against them.
- Progressive Learning Paths: Structured learning paths cater to different skill levels, from beginners to advanced practitioners, ensuring a gradual and thorough understanding of web security principles.
- Community and Support: Access to a community of learners and experts where users can ask questions, share knowledge, and discuss best practices in web security.
- Career Development: Acquiring web security skills can enhance career prospects in cybersecurity, software development, or related fields, as web security is critical for protecting sensitive data and maintaining trust in online services.
Here is a list of write-ups:~
Access Controls Labs:

| Writeup | Description | Date |
|---|---|---|
| LAB | Unprotected admin functionality | May 12 2024 |
| LAB | Unprotected admin functionality unpredictable URL | May 14 2024 |
| LAB | User role controlled by request parameter | May 15 2024 |
| LAB | User ID controlled by request parameter, with unpredictable user IDs | May 16 2024 |
| LAB | User ID controlled by request parameter | July 02 2024 |
| LAB | User ID controlled by request parameter with data leakage in redirect | July 03 2024 |
| LAB | Insecure direct object references | July 04 2024 |
| LAB | Referer-based access control | July 04 2024 |

| Writeup | Description | Date |
|---|---|---|
| LAB | Information disclosure in error messages | Aug 07 2024 |
| LAB | Information disclosure on debug page | Aug 07 2024 |
| LAB | Source code disclosure via backup files | Aug 07 2024 |
| LAB | Authentication bypass via information disclosure | Aug 10 2024 |
| LAB | Information disclosure in version control history | Aug 10 2024 |

SSRF Lab:

| Writeup | Description | Date |
|---|---|---|
| LAB | Basic SSRF against the local server | May 28 2024 |
| LAB | SSRF attacks against other back-end systems | May 29 2024 |

Authentication Labs:

| Writeup | Description | Date |
|---|---|---|
| LAB | Username enumeration via different responses | May 24 2024 |
| LAB | 2 Factor Authentication Simple Bypass | May 27 2024 |
| LAB | Username Enumeration Via Subtly Different Responses. | Nov 7 2024 |

File Uploads Vulnerabilities:

| Writeup | Description | Date |
|---|---|---|
| LAB | Remote code execution via web shell upload, PHP web shell | June 4 2024 |

Path Traversal Lab:

| Writeup | Description | Date |
|---|---|---|
| LAB | All Path/Directory Traversal, URL encoding, Admin functionality | May 21 2024 |

If you have any issues with my write-up or if you’d like to connect with me, here is my Twitter @T3chnocr4t