Web Security Academy (@WebSecAcademy) / X

Web Security Academy

1,722 posts

Web Security Academy

@WebSecAcademy

Free web security training from @PortSwigger

portswigger.net/web-security

Joined April 2018

Following

141.1K

Followers

Web Security Academy
@WebSecAcademy
Mar 24, 2025
What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in!
00:00
63K
Web Security Academy
@WebSecAcademy
Aug 17, 2025
How to deliver reflected XSS via HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now: portswigger.net/web-security/r…
00:00
42K
Web Security Academy
@WebSecAcademy
Jun 29, 2020
We’ve added a brand new topic on insecure deserialization, with 10 new labs. portswigger.net/web-security/d…
Web Security Academy
@WebSecAcademy
Dec 16, 2019
Who wants to win a @Burp_Suite hoodie? We'll be launching a brand new Web Security Academy topic later today, including 13 new labs. portswigger.net/web-security
Web Security Academy
@WebSecAcademy
Sep 17, 2019
The Web Security Academy already covers XSS, SQLi, CSRF, SSRF, XXE, OS command injection, directory traversal., and HTTP request smuggling. We’ll be adding more topics very soon. portswigger.net/web-security
Web Security Academy
@WebSecAcademy
Apr 11, 2025
How to use Burp Suite's "Decoder" for URL-encoding. (plus a much easier way to do it)
00:00
31K
Web Security Academy
@WebSecAcademy
Sep 27, 2019
Our brand new XSS cheat sheet is now live, with hundreds of modern vectors, developed by @garethheyes portswigger.net/web-security/c…
Web Security Academy
@WebSecAcademy
May 29, 2019
We've added a huge new topic, on XXE (XML external entity) injection. Lots of new content and 9 new labs! portswigger.net/web-security/x…
Web Security Academy
@WebSecAcademy
Jul 1, 2025
26K
Web Security Academy
@WebSecAcademy
Aug 13, 2025
How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: <HOST-URL> Content-Length: 6 Transfer-Encoding: chunked 0
00:00
28K
Web Security Academy
@WebSecAcademy
Aug 7, 2019
We've added a topic on HTTP request smuggling. There are 12 labs where you can learn about this brand new vulnerability. portswigger.net/web-security/r…
Web Security Academy
@WebSecAcademy
Mar 25, 2025
HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add
00:00
26K
Web Security Academy
@WebSecAcademy
Jun 21, 2019
We've added a brand new topic, on SSRF (server-side request forgery). New learning content and labs. Have fun! portswigger.net/web-security/s…
Web Security Academy
@WebSecAcademy
Sep 23, 2019
We've added a brand new topic on testing for #WebSockets vulnerabilities, including three new labs. portswigger.net/web-security/w…