Public knowledge base from solving PortSwigger Web Security Academy labs. Each lab has a short vector summary, payload, and link to the original material.
For me — external memory, for fast technique recall on engagements. For others — an alternative perspective and a payload cheat sheet.
Categories covered:
- SQL injection, NoSQL injection
- XSS, CSRF, clickjacking
- authentication, access control, business logic
- server-side request forgery, file upload, XXE
- OAuth, JWT, API security
- prototype pollution, WebSockets, race conditions