PortSwigger Web Security Academy

EntryPenetration TestingFree

The gold standard free web security learning platform. 240+ interactive labs covering 25+ vulnerability classes from basic to expert level. No certification — but completion of all labs is the standard preparation path for BSCP, OSWE, and web application penetration testing careers. Used by professionals worldwide as the definitive web security reference.

What you'll prove

Identify and exploit SQL injection, XSS, CSRF, SSRF, XXE at Apprentice through Expert levels
Exploit authentication vulnerabilities, access control flaws, and business logic errors
Understand and exploit advanced vulnerabilities including deserialization, SSTI, and HTTP request smuggling
Apply Burp Suite Community Edition for web security testing

Frequently asked

Is PortSwigger Web Security Academy free?

Yes, completely free with no registration required for most labs. The BSCP certification exam is a separate paid component at $99.