PortSwigger labs

Server-side topics

Client-side topics

  • Cross-site request forgery (CSRF)

  • Cross-origin resource sharing (CORS)

  • Clickjacking

  • DOM-based vulnerabilities

  • WebSockets

Advanced topics

  • Insecure deserialization

  • Web LLM attacks

  • GraphQL API vulnerabilities

  • Server-side template injection

  • Web cache poisoning

  • HTTP Host header attacks

  • HTTP request smuggling

  • OAuth authentication

  • JWT attacks

  • Prototype pollution

  • Essential skills

Last updated