PortSwigger Web Security Academy – Full Lab Writeups
This repository contains complete and categorized writeups for every lab available on the PortSwigger Web Security Academy. Each lab folder includes:
- Lab title, description, and objectives
- Step-by-step solution using real payloads
- Exploitation methodology
The writeups cover all labs across the APPRENTICE, PRACTITIONER, and EXPERT levels.
Lab Categories
Labs are divided into the following groups:
- Server‑Side Vulnerabilities (14 categories)
- Client‑Side Vulnerabilities (6 categories)
- Advanced Exploitation Techniques (11 categories)
Server‑Side Vulnerabilities
| Vulnerability | Labs | Link |
|---|---|---|
| API Testing | 5 | API Testing |
| Access Control | 13 | Access Control |
| Authentication | 14 | Authentication |
| Business Logic Vulnerabilities | 11 | Business Logic |
| Command Injection | 5 | Command Injection |
| File Upload | 7 | File Upload |
| Information Disclosure | 5 | Information Disclosure |
| NoSQL Injection | 4 | NoSQL Injection |
| Path Traversal | 6 | Path Traversal |
| Race Conditions | 6 | Race Conditions |
| SQL Injection | 18 | SQL Injection |
| SSRF | 7 | SSRF |
| Web Cache Deception | 5 | Web Cache Deception |
| XXE Injection | 9 | XXE |
🧮 Total Server‑Side Labs: 125
Client‑Side Vulnerabilities
| Vulnerability | Labs | Link |
|---|---|---|
| Cross-Site Scripting (XSS) | 30 | XSS |
| CSRF | 12 | CSRF |
| CORS | 3 | CORS |
| Clickjacking | 5 | Clickjacking |
| DOM-Based Vulnerabilities | 7 | DOM-Based |
| WebSockets | 3 | WebSockets |
🧮 Total Client‑Side Labs: 60
Advanced Exploitation Techniques
| Vulnerability | Labs | Link |
|---|---|---|
| Essential Skills | 2 | Essential Skills |
| GraphQL | 5 | GraphQL |
| HTTP Host Header Attacks | 7 | Host Header |
| HTTP Request Smuggling | 21 | Request Smuggling |
| Insecure Deserialization | 10 | Deserialization |
| JWT | 8 | JWT |
| OAuth | 6 | OAuth |
| Prototype Pollution | 10 | Prototype Pollution |
| SSTI (Template Injection) | 7 | SSTI |
| Web Cache Poisoning | 13 | Cache Poisoning |
| Web LLM Attacks | 4 | LLM Attacks |
🧮 Total Advanced Labs: 93
⚠️ Disclaimer: These writeups are for educational purposes only. Do not use on systems without authorization. Follow responsible disclosure and ethical hacking practices.
Happy hacking!