cybersecurity / web security
Web Application Security, Free
The web is the biggest attack surface there is — which makes web security one of the most valuable skills in the field. Learn the risks, then practice exploiting and fixing them in the best free lab anywhere. All resources current.
Almost every organization runs web apps, and almost every web app has bugs — SQL injection, XSS, broken access control. Web security is learning to find and fix them. The path is well-worn: learn the standard vocabulary of risks (OWASP), practice hands-on in a world-class free lab (PortSwigger), and keep the secure-coding cheat sheets handy. Only test targets you own or are authorized to assess.
01 · LEARN & PRACTICE
The risks & the lab
The shared vocabulary, plus the best hands-on training anywhere.
- OWASP Top 10 ↗The essential, free reference for the most critical web-app security risks — the vocabulary every web-security learner needs.owasp.org
- PortSwigger Web Security Academy ↗The best free, hands-on web-security training there is — interactive labs for every vulnerability class, from the makers of Burp Suite.portswigger.net
02 · BUILD SECURE
Secure-coding reference
How to prevent the bugs, not just find them.