An event focused on web security. Every week, we work our way through the PortSwigger Academy topics list and (try to) solve a few labs! The event currently only happens in person and mostly in German, but we will accommodate any requests for English.
If you want to reach out, have ideas for topics or questions around the event, feel free ping cyaniccerulean
.
Here's a list of all the events giving you a brief idea on what we're doing:
| Has description | |
|---|---|
| Web-foo/2022-08-18 | Web Basics |
| Web-foo/2022-08-24 | SQLi |
| Web-foo/2022-08-31 | XSS |
| Web-foo/2022-09-07 | CSRF |
| Web-foo/2022-09-14 | DOM based vulnerabilities |
| Web-foo/2022-09-21 | CORS |
| Web-foo/2022-09-28 | XXE |
| Web-foo/2022-10-05 | SSRF |
| Web-foo/2022-10-12 | HTTP request smuggling |
| Web-foo/2022-10-19 | OS injection |
| Web-foo/2022-10-26 | Server Side Template Injection |
| Web-foo/2022-11-02 | Directory Traversal |
| Web-foo/2022-11-09 | Access control vulnerabilities |
| Web-foo/2022-11-16 | Authentication vulnerabilities |
| Web-foo/2022-11-23 | Authentication Vulnerabilities |
| Web-foo/2022-11-30 | Authentication Vulnerabilities |
| Web-foo/2022-12-07 | Authentication Vulnerabilities |
| Web-foo/2022-12-14 | Authentication Vulnerabilities |
| Web-foo/2022-12-21 | Business logic vulnerabilities |
| Web-foo/2023-01-04 | Web Sockets |
| Web-foo/2023-01-11 | Web Cache Poisoning |
| Web-foo/2023-01-18 | Insecure Deserialization |
| Web-foo/2023-01-25 | Insecure Deserialization |
| Web-foo/2023-02-01 | HTTP Host Header Attacks |
| Web-foo/2023-02-08 | Information Disclosure Vulnerabilities |
| Web-foo/2023-02-15 | File Upload Vulnerabilities |
| Web-foo/2023-02-22 | Clickjacking |
other topics
- JWT
- GraphQL
- Prototype Pollution
(add topics at the bottom of the list)