• Lesson 1: Introduction
  • Lesson 2: Information Gathering
  • Lesson 3: BurpSuite Introduction
  • Lesson 4: Cross Site Scripting (XSS)
  • Lesson 5: Host Header Injection
  • Lesson 6: URL Redirection
  • Lesson 7: Parameter Tampering
  • Lesson 8: HTML Injection
  • Lesson 9: SQL Injection
  • Lesson 10: File Inclusion
  • Lesson 11: Missing SPF Record
  • Lesson 12: No Rate Limiting
  • Lesson 13: Source Code Disclosure
  • Lesson 14: Long Password DoS Attack
  • Lesson 15: IDOR
  • Lesson 16: Server-Side Request Forgery (SSRF)
  • Lesson 17: Cross Site Request Forgery (CSRF)
  • Lesson 18: Hostile Subdomain Takeover
  • Lesson 19: S3 Bucket Takeover
  • Lesson 20: Command Injection (RCE)
  • Lesson 21: File Uploading
  • Lesson 22: XML External Entity Injection
  • Lesson 23: Buffer Overflow
  • Lesson 24: WordPress Vulnerability
  • Lesson 25: Joomla Vulnerability
  • Lesson 26: Drupal Vulnerability
  • Lesson 27: CMS Vulnerability Hunting
  • Lesson 28: HSTS (HTTP Strict Transport Security)
  • Lesson 29: Session Fixation
  • Lesson 30: Account Lockout
  • Lesson 31: Password Reset Poisoning
  • Lesson 32: Identity Management Testing
  • Lesson 33: Authentication Testing
  • Lesson 34: Cryptographic Vulnerability
  • Lesson 35: Session Management Testing
  • Lesson 36: Exposed Source Code Control System
  • Lesson 37: Apache Struts RCE Hunting
  • Lesson 38: Web Cache Deceptions
  • Lesson 39: Server-Side Includes Injection
  • Lesson 40: Ticket Tricks Bug Bounty
  • Lesson 41: Multi-Factor Authentication
  • Lesson 42: HTTPoxy Attack
  • Lesson 43: Webmin Authentication Bypass
  • Lesson 44: Heartbleed
  • Lesson 45: AppWeb Authentication Bypass
  • Lesson 46: Nginx
  • Lesson 47: MySQL Authentication Bypass
  • Lesson 48: DNS Zone Transfer
  • Lesson 49: Log Injection
  • Lesson 50: Cache Testing
  • Lesson 51: Black (Jinja-2) SSTI to RCE
  • Lesson 52: Handloop Vulnerability
  • Lesson 53: CSRF Same-Site Bypass
  • Lesson 54: JWT Token Attack
  • Lesson 55: Email Bounce Resource
  • Lesson 56: IVR Call Request Crash
  • Lesson 57: Weak Password Reset
  • Lesson 58: Business Login Vulnerabilities
  • Lesson 59: RPC Pingback Attack
  • Lesson 60: WAF/MOD Security Bypass
  • Lesson 61: Broken Authentication
  • Lesson 62: Open Redirection
  • Lesson 63: Null Byte Injection
  • Lesson 64: CORS Vulnerabilities