Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Web Application Penetration Testing · modules
From HTTP fundamentals to business-logic exploitation. The complete path.
Module 29 · Advanced JWT Attacks — Beyond Algorithm Confusion
Beyond alg=none and HS256 confusion
Module SC-4 covered the classic algorithm-confusion attacks. This module covers the advanced variants.
KID header injection
# JWT header
{ "alg": "HS256", "typ": "JWT", "kid": "../../../etc/passwd" }
# Application uses kid to look up the signing key.
# If kid is unchecked, attacker can:
# - Path-traverse to read arbitrary […]
Module 27 · WebSockets, SSE, WebRTC — Realtime Web Vulnerabilities
Why realtime channels need different testing
Persistent connection rather than request-response.
Often bypass HTTP-aware controls (rate limit, WAF rules).
Authentication happens at connection-open; subsequent messages may not re-validate.
Message framing varies; binary, JSON, custom protocols.
The protocols
Protocol | Direction | Use case
WebSocket | Bidirectional | Chat, gaming, trading dashboards
SSE (EventSource) | Server → client | Live notifications, dashboards […]
Module 28 · Web Cache Attacks — Deception, Poisoning, Key Confusion
Why cache attacks are different
Web applications use multiple cache layers: CDN edge cache, origin proxy cache, application cache. Each interprets URLs and headers slightly differently. The gap between interpretations is the attack surface.
Web Cache Deception
The attack:
Authenticated user visits https://app.com/account/details.css.
CDN sees “.css” suffix; caches the response as a static asset.
Origin […]
Module 26 · Smart Contract Pentest Fundamentals for Web Testers
What is different about smart contracts
Immutable once deployed: no patch cycle (mostly). Find the bug, lose the funds.
Public source code: bytecode is on-chain; usually source code published for verification.
Direct financial exposure: vulnerabilities translate to ETH / tokens immediately.
Gas economy: every operation costs; some attacks exploit gas pricing.
Composability: contract A calls […]
Module 25 · GraphQL Pentesting — Introspection, Authz, Query Abuse
Why GraphQL needs different testing
GraphQL provides a single endpoint that responds to flexible query shapes. The implications:
Introspection lets the attacker enumerate the entire schema with a single query.
Each field can have its own authorization; missing authz on a single field exposes data.
Query depth and breadth can be weaponised for resource exhaustion. […]
Module 26 · Web Cache Poisoning & Deception
Why this module exists. James Kettle’s 2018 “Practical Web Cache Poisoning” Black Hat talk made cache poisoning the bug that goes from “weird HTTP behaviour” to “CDN-served XSS to every user in the country.” The bug class hasn’t gone away; if anything it’s gotten worse with the proliferation of CDNs and edge caching. The mental […]
Module 24 · WebSocket Security
Why this module exists. Real-time chat, live trading dashboards, multiplayer games, collaborative editors — all run on WebSockets. And every web pentester I know has found at least one critical WebSocket bug because developers treat the protocol as “HTTP-but-faster” without realising the security model is fundamentally different.
How WebSockets differ from HTTP
Single connection, bidirectional […]
Module 22 · OAuth & SSO Authentication Flaws
Why this module exists. OAuth 2.0 and OIDC are the universal authentication layer of the modern web — and the most-misunderstood spec in the industry. The protocol is fine; the implementations are catastrophic. “Sign in with Google”, “Sign in with Apple”, “Sign in with Facebook” — every one of these has had account-takeover bugs in […]
Module 21 · NoSQL Injection
Why this module exists. Developers who learned about SQL injection often think NoSQL databases are safe by design. They aren’t — they have different injection patterns, often with even fewer guardrails. MongoDB powers half of Indian Node.js startups; nearly every one I’ve audited had at least one NoSQLi exposure. How NoSQL queries differ from SQL […]
Module 20 · Server-Side Template Injection (SSTI)
Why this module exists. SSTI almost always becomes RCE. The bug looks innocent — user input ends up in a template — and the impact is full server takeover. Modern frameworks make it harder, but every Indian SaaS that does email templating, custom report rendering, or user-customisable dashboards is exposed. The bug class in one […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.