I have had the pleasure of testing out PortSwigger’s Web Security Academy lately. I just want to say that so far I have enjoyed it. For anyone who is looking for some training on web application security, this is a good place to start. For those who don’t know, PortSwigger are the creators of the amazingly useful Burp Suite software.
“Burp or Burp Suite is a graphical tool for testing Web application security. The tool is written in Java and developed by PortSwigger Web Security.” Source: Wikipedia
I have been going over The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, which is currently in its second edition. The third edition is highly anticipated by fans who have been waiting for an update, but the authors have announced that they are doing something much more exciting: PortSwigger’s Web Security Academy. As of right now it has SQL Injection (SQLi), Cross-site Scripting (XSS), OS Command Injection, and File Path Traversal. The website has stated that this is just a start to get people going with the most foundational “classic” or “common” vulnerabilities.
I will keep this updated as I go through the course; however, I have about completed the SQL injection part of the course. I would say that it is great as a learning resource and is beginner friendly. The reason I say this is that it offers a very detailed description or teaching on each module. Then, when you are doing the labs, there is a solution that you can optionally reveal if you get stuck or need a hint. So it is not terribly challenging, but it is good for a hands-on learning approach. If you learn through practical hands-on application and not just reading or listening, then this is for you.
To get started, visit https://portswigger.net/web-security and create an account. It is completely free!
The team behind the Web Security Academy includes Dafydd Stuttard, author of The Web Application Hacker’s Handbook.