# PortSwigger - Web Security Academy

<figure><img src="https://677614291-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrRWtuMw6xkkeDjZfkcWC%2Fuploads%2FUE6tRU42bCa2xhopE1tl%2Fimage.png?alt=media&#x26;token=e54c9347-1776-4e3d-98fc-8c0abc74236e" alt=""><figcaption><p>@PortSwigger Ltd</p></figcaption></figure>

## Web Security Academy

The Web Security Academy is a free online training center for web application security. Its content comes from PortSwigger's in-house research team and experienced academics, and it combines theoretical study with practical, hands-on labs.

<figure><img src="https://677614291-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrRWtuMw6xkkeDjZfkcWC%2Fuploads%2FKxNafIAFu8eK1jeTFUxm%2Fimage.png?alt=media&#x26;token=c04fdebd-e670-41ec-bdfc-67aa0492d702" alt=""><figcaption></figcaption></figure>

* [Web Security Academy main page](https://portswigger.net/web-security/dashboard)
* [BurpSuite Documentation](https://portswigger.net/burp/documentation/desktop)

## Install & Configure Burp Suite

* [Burp Suite Configuration](https://app.gitbook.com/o/s2H3MdEB0Qp2IbE58Gxw/s/phdhIO0b8M69zOih5TFe/)
* [Getting Started Guide](https://portswigger.net/web-security/getting-started)

### Quick Method

In my case I installed Burp Suite Community Edition and Chromium on my main machine (Debian). After starting Burp Suite, clicking Proxy -> Intercept -> Open Browser (the orange button) launches a Chromium instance that is already configured to send its traffic through Burp's proxy.

<figure><img src="https://677614291-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrRWtuMw6xkkeDjZfkcWC%2Fuploads%2FLj9XGxIUQRhxkArDDrwY%2Fimage.png?alt=media&#x26;token=0a14d33c-2b97-41fa-b27b-9be45036f180" alt=""><figcaption></figcaption></figure>

<figure><img src="https://677614291-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrRWtuMw6xkkeDjZfkcWC%2Fuploads%2FN1AettCXOnl6AWjxnDaS%2Fimage.png?alt=media&#x26;token=e225b685-1f40-4f01-8ca0-0390acf399dd" alt=""><figcaption></figcaption></figure>

***

## Learning Paths

As the HexDump BSCP Technical Guide suggests, there is no single methodology: the order of your path is subjective. You can follow the existing learning paths, work through individual modules, complete all the Apprentice labs first, and so on. Below is a table describing a possible personalized study path: <https://blog.leonardotamiano.xyz/tech/bscp-technical-guide/>

<figure><img src="https://677614291-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrRWtuMw6xkkeDjZfkcWC%2Fuploads%2FR7CDzWXt7PtyQeDU4a3Y%2Fimage.png?alt=media&#x26;token=177971a3-44f9-4ac6-99b9-542b777cf8a8" alt=""><figcaption><p><a href="https://portswigger.net/web-security/learning-paths">https://portswigger.net/web-security/learning-paths</a></p></figcaption></figure>

<table><thead><tr><th width="53"></th><th>MODULE</th><th>TYPE</th><th>COMPLEXITY</th><th data-type="checkbox">STATUS</th></tr></thead><tbody>
<tr><td>1</td><td>Information Disclosure</td><td>Server-Side</td><td>Low</td><td>true</td></tr>
<tr><td>2</td><td>Essential Skills</td><td>Advanced</td><td>Low</td><td>true</td></tr>
<tr><td>3</td><td>SQL Injection</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>4</td><td>Command Injection</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>5</td><td>Path Traversal</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>6</td><td>XXE Injection</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>7</td><td>File Upload Vulnerabilities</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>8</td><td>Server-Side Request Forgery (SSRF)</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>9</td><td>Authentication</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>10</td><td>Access Control</td><td>Server-Side</td><td>Low</td><td>false</td></tr>
<tr><td>11</td><td>Clickjacking</td><td>Client-Side</td><td>Low</td><td>false</td></tr>
<tr><td>12</td><td>Web LLM attacks</td><td>Advanced</td><td>Low</td><td>false</td></tr>
<tr><td>13</td><td>Cross-site scripting (XSS)</td><td>Client-Side</td><td>Medium</td><td>false</td></tr>
<tr><td>14</td><td>Cross-site request forgery (CSRF)</td><td>Client-Side</td><td>Medium</td><td>false</td></tr>
<tr><td>15</td><td>Cross-origin resource sharing (CORS)</td><td>Client-Side</td><td>Medium</td><td>false</td></tr>
<tr><td>16</td><td>DOM-based vulnerabilities</td><td>Client-Side</td><td>Medium</td><td>false</td></tr>
<tr><td>17</td><td>Server-Side Template Injection</td><td>Advanced</td><td>Medium</td><td>false</td></tr>
<tr><td>18</td><td>Business Logic Vulnerabilities</td><td>Server-Side</td><td>Medium</td><td>false</td></tr>
<tr><td>19</td><td>HTTP Host Header Attacks</td><td>Advanced</td><td>Medium</td><td>false</td></tr>
<tr><td>20</td><td>Prototype Pollution</td><td>Advanced</td><td>Medium</td><td>false</td></tr>
<tr><td>21</td><td>WebSockets</td><td>Client-Side</td><td>Medium</td><td>false</td></tr>
<tr><td>22</td><td>JWT attacks</td><td>Advanced</td><td>Medium</td><td>true</td></tr>
<tr><td>23</td><td>GraphQL API Vulnerabilities</td><td>Advanced</td><td>Medium</td><td>false</td></tr>
<tr><td>24</td><td>Insecure Deserialization</td><td>Advanced</td><td>Medium</td><td>false</td></tr>
<tr><td>25</td><td>OAuth Authentication</td><td>Advanced</td><td>High</td><td>false</td></tr>
<tr><td>26</td><td>Race Conditions</td><td>Server-Side</td><td>High</td><td>false</td></tr>
<tr><td>27</td><td>HTTP Request Smuggling</td><td>Advanced</td><td>High</td><td>false</td></tr>
<tr><td>28</td><td>Web Cache Poisoning</td><td>Advanced</td><td>High</td><td>false</td></tr>
<tr><td>29</td><td>Web Cache Deception</td><td>Server-Side</td><td>High</td><td>false</td></tr>
</tbody></table>

Personally, I'm using a mixed approach.
