Skip to content

SansCTF/portswigger-writeups

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

portswigger-writeups

Personal writeups of PortSwigger Web Security Academy labs completed during preparation for the Burp Suite Certified Practitioner exam (targeting the week of September 1, 2026).

Each writeup follows a standard structure: what the vulnerability class is, what the specific lab tests, how I exploited it, and one takeaway. See _template.md for the shape.

Progress

Tier Complete Total
Apprentice 59 59 ✅
Practitioner 72 171 (in progress)
Expert 12 39

Structure

Writeups are organized by vulnerability class. Each folder contains one markdown file per lab.

access-control/
authentication/
csrf/
file-upload/
graphql/
http-request-smuggling/
information-disclosure/
jwt/
oauth/
os-command-injection/
path-traversal/
prototype-pollution/
race-conditions/
sql-injection/
ssrf/
web-cache-poisoning/
websockets/
xss/
xxe/

Why publish these?

Three reasons:

  1. Writing forces retention — I can't hand-wave through a lab if I have to explain it in words.
  2. A public writeup pattern is what hiring managers actually look for on the GitHub of an AppSec candidate — it proves the work happened.
  3. Future me will forget the exact payload chain that beat lab X. Notes to self.

Exam target

Practitioner exam — week of September 1, 2026. Cost: $99. Format: 4 hours, two vulnerable web apps, exploit both to pass. Valid 3 years.


Repository is updated weekly through the study period.

About

PortSwigger Web Security Academy lab writeups — Burp Suite Certified Practitioner prep

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors