We make learning web hacking easier!
Our exercises cover everything from basic bugs to advanced vulnerabilities.
Not only will we help you learn but you'll also have fun doing it!
Hands-On!
There's only one way to properly learn web penetration testing: by getting your hands dirty. We teach how to manually find and exploit vulnerabilities.
See how it works
Hands-on, no VPN, real bugs
Practice makes perfect
We provide you with online challenges you can work on without having to setup anything (no virtualisation, no VPN). Just a browser and a web proxy like Burp or Zap. You spend time learning instead of setting up everything.
We don't emulate bugs, we deploy real web applications with real bugs as you will find them if you perform penetration testing or bug bounty.
Real vulnerabilities
Our exercises are based on common vulnerabilities found in different systems. The issues are not emulated - we provide you real systems with real vulnerabilities.
Check some examples
Real vulnerabilities
We have been collecting bugs for years and selecting them for their pedagogical properties
When we think a bug qualifies for our platform we create a challenge for it. That's why we cover many CVEs like shellshock as well as recent Rails vulnerabilities. We make sure that you learn important concepts, not just another bug.
For example, we have a dozen challenges on JSON Web Token (JWT) as JWT introduce really interesting vulnerabilities in their design, implementation, and usage. They also teach how to find vulnerabilities in cryptographic usage without being a mathematics wizard.
We also cover things that are essentials when doing any work in infosec: basic Unix knowledge, common protocols, Intercepting TLS...
Certificates of completion
Our online exercises allows you to obtain certificates of completion. Exercises are grouped into badges that you can complete to get your certificate. It allows you to easily demonstrating your knowledge and skills.
Learn more
Certificates of completion
15 different certificates are already available, including the Unix Badge (35 exercises), the Essential Badge (60 exercises), the Intercept Badge (5 exercises) and the Serialize Badge (5 exercises)...
And we are currently rolling out the Brown Badge, the Authentication / Authorization Badge and the Code Review Badge!
Friendly Support
Struggling with a payload? Not able to solve an exercise? With PentesterLab PRO, we are here to help you.
You won't be on your own.
Just shoot us an email and you'll get a quick reply with all you need to know to move forward
(without spoiling it).
We're also making it super easy to get started with the Introduction Badge.
Learn at your
own pace
With PentesterLab PRO, you can learn when you want, where you want. We provide courses to get you started as well as videos if you get stuck.
PentesterLab will get you to the next level. Whether you're a complete infosec noob, a bug bounty hunter or a professional pentester, you will gain a deep understanding of vulnerabilities and methods of exploitation.
We give you just enough information to learn and get started. This allows you to learn how to learn. If you get stuck you can jump on our videos to find what went wrong.
What our PRO members say
Checkout some of the testimonials from our PRO members
-
“The exercises and course content provided by PentesterLab has allowed for me to continually excel in bug bounties and penetration testing in my career by ensuring that I am well aware of the techniques, methods and attack vectors that any good pentester should know. As PentesterLab Pro does not require you to set up VMs, more time has been spent on learning and applying rather than simply setting up labs or vulnerable VMs. The return received from subscribing to PentesterLab has been far greater than the little investment that I have put in. ”Shubham Shah (@infosec_au)
Senior Security Analyst and Bug Bounty hunter -
“I consider PentesterLab to be a great resource for learning about web application security and ways how it can be subverted. Even though the exercises usually don’t take much time to complete they can teach a lot. I can’t but recommend it, especially to any aspiring junior penetration testers out there.”Jan Kopriva
CSIRT Team Leader -
“PentesterLab is an awesome resource to get hands-on, especially for newbies in web penetration testing or pentesting in general. It gives insights to possible web security flaws, their behavior and approaches that can be taken to exploit them. More of, it does help in developing a hacker-like mindset. Kudos & Thanks to PentesterLab!!”Saurabh Nigam
Security Engineer
Get PentesterLab PRO and start improving your skills now!
Each subscription to PentesterLab PRO comes with a set of stickers sent directly to you.
GET PentesterLab PRO