PortSwigger labs
Business logic vulnerabilities
File upload vulnerabilities
Race conditions
Server-side request forgery (SSRF)
NoSQL injection
API testing
Server-side topics
File upload vulnerabilities
Race conditions
NoSQL injection
API testing
Client-side topics
Cross-site request forgery (CSRF)
Cross-origin resource sharing (CORS)
Clickjacking
DOM-based vulnerabilities
WebSockets
Advanced topics
Insecure deserialization
Web LLM attacks
GraphQL API vulnerabilities
Server-side template injection
Web cache poisoning
HTTP Host header attacks
HTTP request smuggling
OAuth authentication
JWT attacks
Prototype pollution
Essential skills
Last updated