These notes are designed to be a toolbox for the BSCP certification or for Mystery labs. For every Apprentice and Practitioner lab on PortSwigger’s Web Security Academy, there’s a quick explanation and a payload here.

Have fun!

API testing

Web LLM attack

Server side vulnerabilities

Path traversal

File Upload Vulnerabilities

CSRF

Clickjacking

GraphQL

CORS

XXE injection

OS command injection

SQLi

XSS

DOM-based

NoSQL

SSRF