Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Latest modules
Most recent practitioner playbooks across every track. Filter by topic, level, or search in the sidebar.
Advanced JWT Attacks — Beyond Algorithm Confusion
Beyond alg=none and HS256 confusion: Module SC-4 covered the classic algorithm-confusion attacks. This module covers the advanced variants.
KID header injection:
# JWT header
{ "alg": "HS256", "typ": "JWT", "kid": "../../../etc/passwd" }
# Application uses kid to look up the signing key.
# If kid is unchecked, attacker can:
# - Path-traverse to read arbitrary […]
WebSockets, SSE, WebRTC — Realtime Web Vulnerabilities
Why realtime channels need different testing: Persistent connection rather than request-response. Often bypass HTTP-aware controls (rate limit, WAF rules). Authentication happens at connection-open; subsequent messages may not re-validate. Message framing varies: binary, JSON, custom protocols.
The protocols:
Protocol | Direction | Use case
WebSocket | Bidirectional | Chat, gaming, trading dashboards
SSE (EventSource) | Server → client | Live notifications, dashboards […]
Web Cache Attacks — Deception, Poisoning, Key Confusion
Why cache attacks are different: Web applications use multiple cache layers: CDN edge cache, origin proxy cache, application cache. Each interprets URLs and headers slightly differently. The gap between interpretations is the attack surface.
Web Cache Deception. The attack: Authenticated user visits https://app.com/account/details.css. CDN sees “.css” suffix; caches the response as a static asset. Origin […]
Smart Contract Pentest Fundamentals for Web Testers
What is different about smart contracts: Immutable once deployed: no patch cycle (mostly). Find the bug, lose the funds. Public source code: bytecode is on-chain; usually source code published for verification. Direct financial exposure: vulnerabilities translate to ETH / tokens immediately. Gas economy: every operation costs; some attacks exploit gas pricing. Composability: contract A calls […]
GraphQL Pentesting — Introspection, Authz, Query Abuse
Why GraphQL needs different testing: GraphQL provides a single endpoint that responds to flexible query shapes. The implications: Introspection lets the attacker enumerate the entire schema with a single query. Each field can have its own authorization; missing authz on a single field exposes data. Query depth and breadth can be weaponised for resource exhaustion. […]
Zero Standing Privilege and Just-in-Time Access
The principle. Traditional model: 100 admins, each with persistent admin rights. Attacker compromise of any admin = persistent privileged access. Insider threat = persistent abuse capability. Zero standing privilege: 100 named eligible admins, 0 hold standing privilege. Elevation granted on request, time-bounded, audited. Attacker compromise of an admin = no standing access to abuse. Insider […]
Identity Governance — Lifecycle, Access Reviews, SoD
What IGA covers: Lifecycle management: joiner, mover, leaver workflows. Access provisioning: who gets what, on what basis. Access reviews / certification: periodic re-validation of access. Segregation of duties (SoD): enforcement that conflicting roles don’t combine. Compliance reporting: evidence for audits.
The joiner-mover-leaver workflow. Joiner: HR creates employee record in HRIS. IdP receives event; creates user […]
Customer Identity (CIAM) — Scale, Fraud, KYC
CIAM vs workforce IAM, the differences:
Dimension | Workforce IAM | CIAM
Scale | Thousands | Millions to hundreds of millions
Onboarding | HR-provisioned | Self-service registration
MFA tolerance | Mandatory; users accept | UX-sensitive; abandonment risk
Account recovery | Help-desk-mediated | Self-service required
Risk posture | Trusted users; insider risk | Account takeover, fraud, abuse
Identity proofing | In-person at HR | Online; KYC for regulated CIAM […]
Federation at Scale — SAML, OIDC, SCIM Patterns
The three protocols:
Protocol | Purpose
SAML 2.0 | Browser-based SSO; enterprise standard since 2005
OIDC (OpenID Connect) | SSO on top of OAuth 2.0; modern API-first
SCIM | Automated user provisioning and de-provisioning
SAML in practice: Service Provider (SaaS) redirects user to Identity Provider for authentication. IdP authenticates and returns signed SAML assertion to SP. SP validates signature, […]
Privileged Access Management — PAM Architecture and Operations
What privileged accounts cover: Domain Admin / Enterprise Admin (Windows AD). Root / sudo on Linux servers. Database admin (DBA) for production databases. Cloud root accounts and cloud admin IAM roles. Network device admin (firewall, switch, router). SaaS admin accounts (Okta admin, Workspace super-admin). Application admin accounts (Veeam, vCenter, etc.). Inventory these. The list is […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. Score 70% or higher to mark the module complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.