PortSwigger labs

Server-side topics

SQL injection

Authentication

Path traversal

Command injection

Business logic vulnerabilities

Information disclosure

Access control

File upload vulnerabilities

Race conditions

Server-side request forgery (SSRF)

XXE injection

NoSQL injection

API testing

Client-side topics

Cross-site scripting (XSS)

Cross-site request forgery (CSRF)

Cross-origin resource sharing (CORS)

Clickjacking

DOM-based vulnerabilitieWebSockets

Advanced topics

Insecure deserialization

Web LLM attacks

GraphQL API vulnerabilities

Server-side template injection

Web cache poisoning

HTTP Host header attacks

HTTP request smuggling

OAuth authentication

JWT attacks

Prototype pollution

Essential skills

Server-side topics

• SQL injection

• Authentication

• Path traversal

• Command injection

• Business logic vulnerabilities

• Information disclosure

• Access control

• File upload vulnerabilities

• Race conditions

• Server-side request forgery (SSRF)

• XXE injection

• NoSQL injection

• API testing

Client-side topics

• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)

• Cross-origin resource sharing (CORS)

• Clickjacking

• DOM-based vulnerabilities

• WebSockets

Advanced topics

• Insecure deserialization

• Web LLM attacks

• GraphQL API vulnerabilities

• Server-side template injection

• Web cache poisoning

• HTTP Host header attacks

• HTTP request smuggling

• OAuth authentication

• JWT attacks

• Prototype pollution

• Essential skills