Web Hacking Fundamentals

Understand the core security issues with web applications, and learn how to exploit them using industry tools and techniques.

In this module, we'll be exploring the basic components of the modern web including both the basic protocols used, as well as various server components that make up the world wide web. You'll be diving into how to use BurpSuite, a tool which is widely regarded to be at the heart of web hacking. Additionally, you'll learn how to perform basic enumeration of websites and exploit the ten most common web application vulnerabilities by hacking various real-world applications.

How Websites Work

To exploit a website, you first need to know how they are created.

HTTP in Detail

Learn about how you request content from a web server using the HTTP protocol

Burp Suite: The Basics

An introduction to using Burp Suite for web application pentesting.

OWASP Top 10 - 2021

Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.

OWASP API Security Top 10 - 1

Learn the basic concepts for secure API development (Part 1).

OWASP Juice Shop

This room uses the Juice Shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.

Upload Vulnerabilities

Tutorial room exploring some basic file-upload vulnerabilities in websites

Pickle Rick

A Rick and Morty CTF. Help turn Rick back into a human!

Need to know

Linux Fundamentals

Many servers and security tools use Linux. Learn how to use the Linux operating system, a critical skill in cyber security.

Next steps

Cryptography

Cryptography is essential in security. Learn how it's used to preserve integrity and confidentiality of sensitive information.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).