Sign in Create Account
🎯

Junior Pentester

Build a solid foundation in web application security. Work through the core vulnerability classes every pentester needs to know, from XSS and SQL injection to authentication flaws and SSRF.

62 exercises
4 chapters ← All Tracks
Chapter 1
Cross-Site Scripting
Learn to find and exploit XSS vulnerabilities, from basic reflected and stored XSS to filter bypasses and DOM-based attacks.
1
XSS 01 Pro
Exploitation
2
XSS 02 Pro
Exploitation
3
XSS 03 Pro
Exploitation
4
XSS 04 Pro
Exploitation
5
XSS 05 Pro
Exploitation
6
XSS 06 Pro
Exploitation
7
XSS 07 Pro
Exploitation
8
XSS 08 Pro
Exploitation
9
XSS 09 Pro
Exploitation
10
XSS 10 Pro
Exploitation
Chapter 2
Injection & Execution
Exploit SQL injection, command injection, code execution, LDAP injection, NoSQL injection, server-side template injection, and file inclusion vulnerabilities.
11
SQL Injection 01 Pro
Exploitation
12
SQL Injection 02 Pro
Exploitation
13
SQL Injection 03 Pro
Exploitation
14
SQL Injection 04 Pro
Exploitation
15
SQL Injection 05 Pro
Exploitation
16
SQL Injection 06 Pro
Exploitation
17
Command Execution 01 Pro
Exploitation
18
Command Execution 02 Pro
Exploitation
19
Command Execution 03 Pro
Exploitation
20
Code Execution 01 Pro
Exploitation
21
Code Execution 02 Pro
Exploitation
22
Code Execution 03 Pro
Exploitation
23
Code Execution 04 Pro
Exploitation
24
Code Execution 05 Pro
Exploitation
25
Code Execution 06 Pro
Exploitation
26
Code Execution 07 Pro
Exploitation
27
Code Execution 08 Pro
Exploitation
28
Code Execution 09 Pro
Exploitation
29
LDAP 01 Pro
Exploitation
30
LDAP 02 Pro
Exploitation
31
MongoDB Injection 01 Pro
Exploitation
32
MongoDB Injection 02 Pro
Exploitation
33
Server Side Template Injection 01 Pro
Exploitation
34
Server Side Template Injection 02 Pro
Exploitation
35
File Include 01 Pro
Exploitation
36
File Include 02 Pro
Exploitation
Recommended: Complete Chapter 1 first
Chapter 3
Files, Paths & Server-Side Requests
Exploit directory traversal, file upload, XML external entities, open redirects, and server-side request forgery vulnerabilities.
37
Directory Traversal 01 Pro
Exploitation
38
Directory Traversal 02 Pro
Exploitation
39
Directory Traversal 03 Pro
Exploitation
40
File Upload 01 Pro
Exploitation
41
File Upload 02 Pro
Exploitation
42
XML Attacks 01 Pro
Exploitation
43
XML Attacks 02 Pro
Exploitation
44
Open Redirect 01 Pro
Exploitation
45
Open Redirect 02 Pro
Exploitation
46
Server Side Request Forgery 01 Pro
Exploitation
47
Server Side Request Forgery 02 Pro
Exploitation
48
Server Side Request Forgery 03 Pro
Exploitation
49
Server Side Request Forgery 04 Pro
Exploitation
Recommended: Complete Chapters 1 & 2 first
Chapter 4
Authentication, Authorization & JWT
Identify and exploit authentication bypass, broken access controls, insecure direct object references, and JWT implementation flaws.
50
Authentication 01 Pro
Exploitation
51
Authentication 02 Pro
Exploitation
52
Authentication 03 Pro
Exploitation
53
Authentication 04 Pro
Exploitation
54
Authentication 05 Pro
Exploitation
55
Authorization 01 Pro
Exploitation
56
Authorization 02 Pro
Exploitation
57
Authorization 03 Pro
Exploitation
58
Authorization 04 Pro
Exploitation
59
Authorization 05 Pro
Exploitation
60
Authorization 06 Pro
Exploitation
61
JWT VII Pro
Exploitation
62
JSON Web Token None Algorithm Pro
Exploitation
Recommended: Complete all previous chapters