Web Security Academy

@WebSecAcademy

Followers
127K
Following
103
Media
142
Statuses
1K

Free web security training from @PortSwigger

Joined April 2018
@WebSecAcademy
Web Security Academy
47 minutes
RT @albinowax: When HTTP/1.1 Must Die lands at DEFCON we’ll publish a @WebSecAcademy lab with a new class of desync attack. One week later,….
0
44
0
@WebSecAcademy
Web Security Academy
19 hours
Join us on Discord:
1
6
48
@WebSecAcademy
Web Security Academy
2 days
Learning Path: Web cache deception. In this learning path, you'll learn how to exploit mismatches between web caches and origin servers to expose sensitive data and create unexpected caching behaviors. You’ll learn: 🔸 How web caching works and what cache keys do. 🔸 How to
2
9
58
@WebSecAcademy
Web Security Academy
3 days
23
70
569
@WebSecAcademy
Web Security Academy
4 days
Knowing the DB version is useful when formulating more complicated attacks. Here are 5 SQL commands to extract version info across Oracle, Microsoft, PostgreSQL, and MySQL 👇
1
6
50
@WebSecAcademy
Web Security Academy
5 days
Free, online web security training from the creators of Burp Suite. 🔸 Boost your career. 🔸 Flexible learning. 🔸 Learn from experts. Sign up today 👇
1
14
84
@WebSecAcademy
Web Security Academy
6 days
[LAB] Client-Side Prototype Pollution via Browser APIs. This lab is vulnerable to DOM XSS via client-side prototype pollution. The website's developers have noticed a potential gadget and attempted to patch it. However, you can bypass the measures they've taken. Here’s what
0
14
69
@WebSecAcademy
Web Security Academy
7 days
Level up your hacking skills with like-minded people over on our Discord Server! Join now:
0
2
13
@WebSecAcademy
Web Security Academy
8 days
Second-order SQL injection is often misunderstood, even by experienced developers. It highlights how security isn't just about input validation at the point of entry, it’s also about how and where that data is used later. What is Second-Order SQL Injection? It’s a type of SQL
0
5
40
@WebSecAcademy
Web Security Academy
9 days
What is SQL Injection? Good question! Thanks for asking. We made this video to explain it all. Watch now 👇
0
5
53
@WebSecAcademy
Web Security Academy
10 days
Explain race condition vulnerabilities like I'm five 👇
14
7
108
@WebSecAcademy
Web Security Academy
11 days
There are a LOT of server-side vulnerabilities for beginners to get their heads around. We created this Learning Path to help you get to know them! Start the Server-side Vulnerabilities Learning Path now:
0
13
63
@WebSecAcademy
Web Security Academy
12 days
How to Detect SQL Injection Vulnerabilities. SQL injection (SQLi) remains one of the most dangerous (yet common) web vulnerabilities. Here are 6 ways to find them 👇 1️⃣ Inject Basic Payloads. Submit single characters like ' and watch for SQL error messages or abnormal
0
29
154
@WebSecAcademy
Web Security Academy
13 days
Where's the fun in hacking alone? Meet other beginners in our discord channel:
0
6
25
@WebSecAcademy
Web Security Academy
14 days
Stored XSS in 30 Seconds ⏰. "Stored XSS into HTML context with nothing encoded" Lab walkthrough: 1️⃣ Test HTML first. Submit a comment with <u>test</u> to check if HTML is rendered. If <u>test</u> is rendered with an underline then this suggests there is no filtering in place.
1
12
66
@WebSecAcademy
Web Security Academy
17 days
How to add a new header to every request that passes through Burp using Match and Replace 👇 Leaving the "Match" field blank allows you to add a new header to each request. PRO TIP: Enable "Only apply to in-scope items" in the Match and Replace tab to apply only to items that
1
17
128
@WebSecAcademy
Web Security Academy
18 days
How to intercept a request, send to repeater and send that request from the Repeater tab (without touching your mouse) 👇 Ctrl + T → Toggle Intercept. Ctrl + R → Send Request to Repeater. Ctrl + Shift + R → Switch to Repeater tab. Ctrl + Space → Send request. Check this out 👇
1
18
107
@WebSecAcademy
Web Security Academy
19 days
What's your best @Burp_Suite tip or trick and where did you learn it?
7
5
50
@WebSecAcademy
Web Security Academy
20 days
How to set your scope in Burp Suite 👇
1
17
156
@WebSecAcademy
Web Security Academy
21 days
What are your favorite Burp Suite hotkeys and what do they do?
3
1
20