Skip to main content

PortSwigger · Web Security Academy

Catalog: 262 labs indexed from PortSwigger Web Security Academy. Each lab links to the official exercise and PortSwigger’s solution. The official sitemap coverage is partial; XSS, authentication, business logic and other topics will be added manually over time.

Access Control Vulnerabilities (13)

API Testing (5)

Authentication Vulnerabilities (14)

Clickjacking (5)

CORS (3)

Cross-Site Scripting (XSS) (28)

CSRF (Cross-Site Request Forgery) (12)

Insecure Deserialization (10)

DOM-based Vulnerabilities (7)

Essential Skills (2)

Directory / Path Traversal (6)

File Upload Vulnerabilities (7)

GraphQL (5)

HTTP Host Header Attacks (5)

Information Disclosure (5)

JWT (JSON Web Tokens) (8)

LLM Attacks (8)

Business Logic Vulnerabilities (12)

NoSQL Injection (4)

OAuth Authentication (6)

OS Command Injection (5)

Prototype Pollution (9)

Race Conditions (6)

HTTP Request Smuggling (16)

Server-Side Template Injection (SSTI) (7)

SQL Injection (18)

SSRF (Server-Side Request Forgery) (7)

Web Cache Deception (5)

Web Cache Poisoning (13)

WebSockets (2)

XXE (XML External Entity) (9)

Last updated: 2026-05-08