ThreatFoundacademy
Beginner

Web Application Security

The bread and butter — how web apps break, from HTTP basics to XSS, SQLi and access control.

  1. HTTP, the language of the web

    Requests, responses, methods, status codes and headers — the foundation every web attack builds on.

    8m
  2. Cross-Site Scripting (XSS)

    How attacker-controlled input becomes executable JavaScript in a victim’s browser — and how to prove it.

    10m
  3. SQL Injection

    When user input is concatenated into a query, an attacker can rewrite the query itself — reading or destroying the database.

    11m
  4. Broken Access Control & IDOR

    When the app forgets to check who you are — the #1 category on the OWASP Top 10.

    9m
  5. Server-Side Request Forgery (SSRF)

    Make the server make requests for you — into the cloud metadata service and internal network.

    10m