Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
Hacker101 is structured as a set of lessons -- some covering multiple bugs, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class, or you can watch individual videos. If you're new to security, we recommend the former.
- Introduction
- The Web In Depth
- XSS and Authorization
- SQL Injection and Friends
- Session Fixation
- Clickjacking
- File Inclusion Bugs
- File Upload Bugs
- Null Termination Bugs
- Unchecked Redirects
- Password Storage
- Crypto series
- Clickjacking
- Command Injection
- Cross-Site Request Forgery (CSRF)
- Directory Traversal
- Local/Remote File Inclusion
- Improper Authorization
- Insecure Password Storage
- Improper Handling of Null Termination
- Padding Oracle
- Reflected Cross-Site Scripting (XSS)
- Session Fixation
- SQL Injection
- Stored Cross-Site Scripting (XSS)
- Stream Cipher Key Reuse
- Unchecked Redirect