When did #PortSwigger shut down the User Forum? There is still a link to the forum on the website, but it now redirects to the generic support page.
Visible Error-Based SQL Injection

A Portswigger Lab

Medium
Blind SQL Injection with Conditional Errors

A Portswigger Lab

Medium

🗺️ Where to Practice Ethical Hacking — Safe Learning Platforms 🔐

Sharpen your skills legally on platforms like TryHackMe (beginners), Hack The Box (intermediate/advanced), PortSwigger Academy (web), and CTF sites — safe, structured labs and communities for hands-on learning. 🎯💻

#ethicalhacking #TryHackMe #HackTheBox #PortSwigger #CTF #Infosec #CyberSecurity #LearnToHack #PenTesting #WhiteHat

"The entire internet is broken": ethical hacking expert John Hammond meets James Kettle

In a brand-new collaboration between ethical hacking and AppSec expert John Hammond and world-renowned security researcher James Kettle, the pair explore how tens of millions of websites are compromis

PortSwigger Blog
One Third of the Web Will Stop Working in 4 Days: Massive-Scale CDN Compromise Starts Wednesday

About 34% of the web is still powered by HTTP/1.1 and that protocol will likely come under severe attack starting on Wednesday. Get a preview of what's in store for the latest security headache.

LowEndBox

🚨 Want to start learning ethical web hacking for FREE?

🎯 In this video, I break down 3 websites that offer hands-on labs, structured paths, and gamified learning - perfect for beginners in web application penetration testing and bug bounty!

🎓 Here’s who made the list:

✅ PortSwigger Web Security Academy
Learn real-world web vulnerabilities with interactive labs

✅ TryHackMe
Gamified challenges + guided learning paths

✅ Hack The Box
Academy modules, practice labs & certifications — all linked together

But I didn’t stop at listing them.

💡 I shared my professional take on:
1️⃣ Their unique strengths
2️⃣ What makes each platform great for beginners
3️⃣ And where they could improve to become even better

This isn't just another list — they are insights from an active bug bounty hunter from Singapore 🇸🇬😊

📺 Watch here: https://www.youtube.com/watch?v=_LrpMiAD8rg
📌 Timestamps and useful links in the video description

👇 Comment your favorite FREE hacking resources — let's share and help each other grow!

#BugBounty #BugBountyTips #CyberSecurity #EthicalHacking #TryHackMe #HackTheBox #PortSwigger

3 FREE Websites To Learn Ethical Web Hacking (Beginner Friendly)

YouTube
Blind SQL Injection with Conditional Responses - Marduk I Am - Medium

This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. The results of the…

Medium

<script>alert(1)</script> - 403 Forbidden
<img src=x onerror=console.log(1)> - 403 Forbidden
<svg onload=print()> - 403 Forbidden

I've recently encountered a web application firewall in a pentest, blocking all my attempts to insert an XSS payload.

In such cases, I love to use the #PortSwigger cross-site scripting cheat sheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

I copied all payloads to the clipboard, pasted them into the Intruder's word list and hit the "Start attack" button.

Within seconds, I had a working proof of concept.

How do you use the XSS cheat sheet? I'm keen to know!

#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking

Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy

Interactive cross-site scripting (XSS) cheat sheet for 2025, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

#portswigger has released some #ai thingy for #burpsuite. It doesn't do anything on its own, but the feature is on by default. If you go to the settings to disable it they ask you for feedback why you turn that crap off. Isn't that obvious? No matter the pinky promise you make to your customers, that you don't store the data or train on it, as soon as you hand it off to an #LLM company we have no idea what happens. AI and customer data don't mix. End. Of. Story. #infosec #security