portswigger 46

• Lab 05: SSRF with filter bypass via open redirection vulnerability Feb 19, 2026
• Lab 04: SSRF with whitelist-based input filter Feb 19, 2026
• Lab 03: SSRF with blacklist-based input filter Feb 19, 2026
• Lab 02: Basic SSRF against another back-end system Feb 19, 2026
• Lab 01: Basic SSRF against the local server Feb 19, 2026
• Lab 04: JWT authentication bypass via jwk header injection Feb 19, 2026
• Lab 03: JWT authentication bypass via weak signing key Feb 19, 2026
• Lab 08: JWT authentication bypass via algorithm confusion with no exposed key Feb 19, 2026
• Lab 07: JWT authentication bypass via algorithm confusion Feb 19, 2026
• Lab 06: JWT authentication bypass via kid header path traversal Feb 19, 2026
• Lab 05: JWT authentication bypass via jku header injection Feb 19, 2026
• Lab 02: JWT authentication bypass via flawed signature verification Feb 18, 2026
• Lab 01: JWT authentication bypass via unverified signature Feb 18, 2026
• Lab 02: Exploiting NoSQL operator injection to bypass authentication Jan 27, 2026
• Lab 01: Detecting NoSQL Injection Jan 27, 2026
• Lab 3: Exploiting a mass assignment vulnerability Dec 23, 2025
• Lab 2: Finding and exploiting an unused API endpoint Dec 23, 2025
• Lab 1: Exploiting an API endpoint using documentation Dec 23, 2025
• Lab 13: Password brute-force via password change Dec 21, 2025
• Lab 11: Password reset broken logic Dec 21, 2025
• Lab 10: Offline password cracking Dec 20, 2025
• Lab 09: Brute-forcing a stay-logged-in cookie Dec 20, 2025
• Lab 08: 2FA broken logic Dec 20, 2025
• Lab 07: 2FA simple bypass Dec 20, 2025
• Lab 06: Broken brute-force protection, multiple credentials per request Dec 19, 2025
• Lab 05: Username enumeration via account lock Dec 19, 2025
• Lab 04 : Broken brute-force protection, IP block Dec 19, 2025
• Lab 03: Username enumeration via response timing Dec 19, 2025
• Lab 02: Username enumeration via subtly different responses Dec 19, 2025
• Lab 01 : Username enumeration via different responses Dec 19, 2025
• Lab 03: Cross-site WebSocket hijacking Dec 18, 2025
• Lab 02: Manipulating the WebSocket handshake to exploit vulnerabilities Dec 18, 2025
• Lab 01: Manipulating WebSocket messages to exploit vulnerabilities Dec 18, 2025
• Lab 13: Referer-based access control Dec 17, 2025
• Lab 12: Multi-step process with no access control on one step Dec 17, 2025
• Lab 11 : Insecure direct object references Dec 17, 2025
• Lab 10: User ID controlled by request parameter with password disclosure Dec 17, 2025
• Lab 09: User ID controlled by request parameter with data leakage in redirect Dec 17, 2025
• Lab 08: User ID controlled by request parameter, with unpredictable user IDs Dec 17, 2025
• Lab 07: User ID controlled by request parameter Dec 17, 2025
• Lab 06: Method-based access control can be circumvented Dec 16, 2025
• Lab 05: URL-based access control can be circumvented Dec 16, 2025
• Lab 04: User role can be modified in user profile Dec 16, 2025
• Lab 03: User role controlled by request parameter Dec 16, 2025
• Lab 02: Unprotected admin functionality with unpredictable URL Dec 15, 2025
• Lab 01: Unprotected Admin Functionality Dec 15, 2025