Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Web Application Penetration Testing · modules
From HTTP fundamentals to business-logic exploitation. The complete path.
Module 27 · WebSockets, SSE, WebRTC — Realtime Web Vulnerabilities
Why realtime channels need different testing Persistent connection rather than request-response. Often bypass HTTP-aware controls (rate limit, WAF rules). Authentication happens at connection-open; subsequent messages may not re-validate. Message framing varies; binary, JSON, custom protocols. The protocols Protocol Direction Use case WebSocket Bidirectional Chat, gaming, trading dashboards SSE (EventSource) Server → client Live notifications, dashboards […]
Module 28 · Web Cache Attacks — Deception, Poisoning, Key Confusion
Why cache attacks are different Web applications use multiple cache layers: CDN edge cache, origin proxy cache, application cache. Each interprets URLs and headers slightly differently. The gap between interpretations is the attack surface. Web Cache Deception The attack: Authenticated user visits https://app.com/account/details.css. CDN sees “.css” suffix; caches the response as a static asset. Origin […]
Module 26 · Smart Contract Pentest Fundamentals for Web Testers
What is different about smart contracts Immutable once deployed: no patch cycle (mostly). Find the bug, lose the funds. Public source code: bytecode is on-chain; usually source code published for verification. Direct financial exposure: vulnerabilities translate to ETH / tokens immediately. Gas economy: every operation costs; some attacks exploit gas pricing. Composability: contract A calls […]
Module 25 · GraphQL Pentesting — Introspection, Authz, Query Abuse
Why GraphQL needs different testing GraphQL provides a single endpoint that responds to flexible query shapes. The implications: Introspection lets the attacker enumerate the entire schema with a single query. Each field can have its own authorization; missing authz on a single field exposes data. Query depth and breadth can be weaponised for resource exhaustion. […]
Module 20 · Server-Side Template Injection (SSTI)
Why this module exists. SSTI almost always becomes RCE. The bug looks innocent — user input ends up in a template — and the impact is full server takeover. Modern frameworks make it harder, but every Indian SaaS that does email templating, custom report rendering, or user-customisable dashboards is exposed. The bug class in one […]
Module 26 · Web Cache Poisoning & Deception
Why this module exists. James Kettle’s 2018 “Practical Web Cache Poisoning” Black Hat talk made cache poisoning the bug that goes from “weird HTTP behaviour” to “CDN-served XSS to every user in the country.” The bug class hasn’t gone away; if anything it’s gotten worse with the proliferation of CDNs and edge caching. The mental […]
Module 22 · OAuth & SSO Authentication Flaws
Why this module exists. OAuth 2.0 and OIDC are the universal authentication layer of the modern web — and the most-misunderstood spec in the industry. The protocol is fine; the implementations are catastrophic. “Sign in with Google”, “Sign in with Apple”, “Sign in with Facebook” — every one of these has had account-takeover bugs in […]
Module 13 · JWT Attacks
JSON Web Tokens (JWT) have become the default authentication token format in modern APIs. They’re compact, stateless, and when implemented correctly, secure. When implemented poorly, they’re a source of authentication bypass and privilege escalation. This module covers JWT structure, common attacks, and the concrete defences. JWT structure header.payload.signature # Base64-decoded example: Header: {"alg":"HS256","typ":"JWT"} Payload: {"sub":"priya","role":"admin","exp":1700000000} […]
Module 10 · XML External Entity Injection (XXE)
XML External Entity (XXE) injection exploits XML parsers that process references to external entities. A classic vulnerability in XML-consuming applications — SOAP services, document upload features, SAML, configuration parsers. Can lead to file disclosure, SSRF, DoS, and RCE. How XXE works XML supports external entities — references to external resources. When a parser fetches the […]
Module 9 · Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) is a vulnerability where an attacker tricks a server into making HTTP requests on their behalf. In a cloud environment, SSRF frequently escalates from “interesting” to “full account compromise” via metadata service abuse. The core vulnerability An application takes a URL parameter, fetches it, and returns the response. Classic example: “Enter […]
Practitioners who've
shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.