Series

PortSwigger Lab Writeups & Lessons Learned

This series documents my journey through the PortSwigger Web Security Academy labs. Each post covers the vulnerability being explored, the methodology used to identify and exploit it, key takeaways, and lessons learned. The goal is to build a strong foundation in web application security while sharing practical insights with fellow learners and aspiring penetration testers.

SQL Injection Labs (Portswigger)
If you want a second reference alongside this, Rana Khalil's Web Security Academy series on GitHub covers these too and is worth a look once you've had your own "wait, why is this query failing" momen
Jun 14, 202619 min read
I Broke CORS Three Times on Purpose (PortSwigger Academy Writeup)
If you've ever stared at an Access-Control-Allow-Origin header and thought "yeah that looks fine," congratulations, you're exactly the kind of developer these labs are designed to humble. I just finis
Jun 14, 202614 min read1
Path Traversal: 6 Labs, 6 Times I Was Wrong Before I Was Right
I just finished all six Path Traversal labs on PortSwigger's Web Security Academy, going from Apprentice to Practitioner level. Going in, I thought path traversal was simple — just throw ../../../etc/
Jun 13, 20266 min read

Command Palette