Getting Started With Portswigger Web Security Academy

PortSwigger's Web Security Academy is a free, interactive online learning platform that teaches web security through hands-on labs, designed by the creators of Burp Suite. Whether you’re a budding ethical hacker, a developer wanting to secure your code, or a security professional looking to enhance your skills, this guide will help you navigate and make the most of this valuable resource.

Setting Up and Getting Started

Create an Account

Before you start, create a free account at PortSwigger Web Security Academy. Having an account allows you to track your progress, save completed labs, and revisit topics at your convenience.

The modules are divided under two headings; Topics and Learning Paths. The Topics are split into Server-side topics, Client-side topics and Advanced topics; while the Learning Paths are split into Practitioner and Apprentice.

Each division contains multiple topics and is designed to take you from beginner to expert.

Access the Labs

Labs are practical exercises that let you apply what you've learned. Labs provide a simulated environment where you can exploit vulnerabilities in real-world scenarios without causing harm. Each lab presents a specific security vulnerability and is hosted online, so minimal setup is required on your part.

While you can complete most labs directly in your browser, some exercises recommend using Burp Suite, PortSwigger’s web vulnerability scanner, to aid in the process. You can download Burp Suite Community Edition for free from the PortSwigger website.

Tips for Success

• Follow a learning path if you're new to web security.

• Take notes and create your own cheat sheets.

• Before diving into each lab, carefully read through the provided documentation and explanations.

• For many labs, using Burp Suite will make things easier. Learn to intercept requests, modify parameters, and replay them to observe how the web application reacts.

• PortSwigger has an active forum where users discuss labs and share tips. If you get stuck, the forum can be a helpful place to find solutions or guidance.