Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.

24
Learning paths
398+
Live modules
0
You've completed
Free
Your tier
Browse the academy

Attacker Mindset — Web · modules

Why each web vuln class exists — trust boundaries, grammar confusion, authorization drift. Mindset first, tools second.

20 results · Page 2/2
Filtering: Track: Attacker Mindset — Web × Clear all →
Attacker Mindset — Web Advanced Members

Module 4 · Business Logic — Where Scanners Fail

Business logic bugs are legal sequences of actions producing illegal outcomes. Understand the product to find them.

Apr 22, 2026 90 min Open
Attacker Mindset — Web Advanced Members

Module 5 · Why SSRF Is Still Critical in 2026

Every URL parameter where the server fetches. Cloud metadata turned SSRF from inconvenience to catastrophe.

Apr 22, 2026 90 min Open
Attacker Mindset — Web Advanced Members

Module 6 · Why XSS Persists — Context Is Everything

Framework defaults cover one HTML context. Every other context — URL, CSS, JSON-in-script — is fresh attack surface.

Apr 22, 2026 90 min Open
Attacker Mindset — Web Advanced Members

Module 7 · File Upload — Three Attacks in One

Upload = attack at parsing + storage + serving. All three have their own rules, and mistakes compound.

Apr 22, 2026 90 min Open
Attacker Mindset — Web Advanced Members

Module 8 · APIs — Your Mobile App Is Public Attack Surface

Every endpoint your mobile or SPA calls is exposed to the internet. Shadow endpoints, version drift, mass assignment.

Apr 22, 2026 90 min Open
Attacker Mindset — Web Advanced Members

Module 9 · Session Tokens — Where Auth Bugs Live After Login

Developers focus on login; attackers target sessions. Theft, rotation, revocation, and the edge cases that break.

Apr 22, 2026 90 min Open
Attacker Mindset — Web Expert Members

Module 10 · The Framework-Assumption Gap

'The framework handles it' is the most dangerous phrase in modern web security. Escape hatches, third-party integrations, and non-REST transports.

Apr 22, 2026 90 min Open
Attacker Mindset — Web Beginner Members

Module 1 · Trust Boundaries — Where Every Web Vuln Begins

Every web vuln is a trust-boundary bug. Learn to see boundaries before learning to exploit them.

Apr 22, 2026 60 min Open
Attacker Mindset — Web Intermediate Members

Module 2 · Why Injection Still Happens — A Grammar Problem

Injection isn't about bad input. It's attackers smuggling tokens into an interpreter's grammar.

Apr 22, 2026 75 min Open
Attacker Mindset — Web Intermediate Members

Module 3 · Why Auth Checks Fail — Missing Gates Everywhere

Authentication is one gate. Authorization is every gate after. Most breaches live in the latter.

Apr 22, 2026 75 min Open
02 / Why learn here

Practitioners who've
shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

Why learn here

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.

Pick a path, get to work.

Browse all 398 modules View skill map