skip to content
1 min read

notes.bersec.me

Public knowledge base from solving PortSwigger Web Security Academy labs. Each lab has a short vector summary, payload, and link to the original material.

For me — external memory, for fast technique recall on engagements. For others — an alternative perspective and a payload cheat sheet.

Categories covered:

  • SQL injection, NoSQL injection
  • XSS, CSRF, clickjacking
  • authentication, access control, business logic
  • server-side request forgery, file upload, XXE
  • OAuth, JWT, API security
  • prototype pollution, WebSockets, race conditions

notes.bersec.me