PortSwigger (Apprentice)
Lab: Unprotected admin functionality
Broken access control has topped the OWASP Top 10 for years, and the simplest version of it is also the easiest to miss: a page that does exactly what...
PortSwigger (Apprentice)
Lab: Unprotected admin functionality with unpredictable URL
Hiding a sensitive endpoint behind a random-looking URL feels like it should work — there's no robots.txt entry to leak it and no wordlist likely to...
PortSwigger (Apprentice)
Lab: User role controlled by request parameter
Some applications decide who you are once, at login, and then trust whatever the client hands back on every request after that. When that trust is...
PortSwigger (Apprentice)
Lab: User role can be modified in user profile
Profile update endpoints tend to be treated as low-risk by developers — what harm could changing your own email address do? But if the same request...
PortSwigger (Apprentice)
Lab: User ID controlled by request parameter
Horizontal privilege escalation doesn't need a broken role system — it just needs an identifier that names which record to return, sitting in a place...
PortSwigger (Apprentice)
Lab: User ID controlled by request parameter, with unpredictable user IDs
Swapping a username in an id parameter is trivial when usernames are the identifier. Switch that identifier to a GUID and the naive version of the...
PortSwigger (Apprentice)
Lab: User ID controlled by request parameter with data leakage in redirect
Redirecting an unauthorized request away from sensitive data looks like an access control fix on the surface — the browser never renders the page it...
PortSwigger (Apprentice)
Lab: User ID controlled by request parameter with password disclosure
An IDOR that leaks another user's API key is bad. An IDOR that leaks the administrator's password turns a horizontal information leak into full...
PortSwigger (Apprentice)
Lab: Insecure direct object references
Not every IDOR lives in a URL query parameter pointing at a database row. Static files — transcripts, exports, generated documents — are direct object...
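The labs listed above share one root cause: the server lets a client-supplied value (an id parameter, a role cookie) decide whose record comes back and with what privileges. The following is an added illustration, not code from this page or from PortSwigger's labs. It models a "my account" endpoint in memory, first in the trusting form, then keyed off the server-side session. The user names, session tokens and API keys are constructed sample data, and the function names are my own.

```python
# Added illustration, not code from the page or from PortSwigger's labs.
# An in-memory "my account" endpoint, first trusting client-supplied identity
# (the id parameter names the record, an Admin cookie grants the role), then
# keyed off the server-side session. Users, sessions and API keys below are
# constructed sample data.

USERS = {
    "wiener": {"role": "user", "apikey": "wiener-key-1111"},
    "carlos": {"role": "user", "apikey": "carlos-key-2222"},
    "administrator": {"role": "admin", "apikey": "admin-key-9999"},
}

# session token -> username, populated at login (constructed)
SESSIONS = {"sess-wiener": "wiener", "sess-carlos": "carlos"}


def my_account_vulnerable(cookies, params):
    """Return (status, body). Which record comes back is chosen by ?id=,
    and the admin flag by an Admin cookie, so both are attacker-controlled:
    a horizontal IDOR plus a client-side role decision."""
    username = params.get("id")
    record = USERS.get(username)
    if record is None:
        return 404, None
    body = {
        "username": username,
        "apikey": record["apikey"],
        "admin_panel": cookies.get("Admin") == "true",
    }
    return 200, body


def my_account_fixed(cookies, params):
    """Return (status, body). Identity and role come from the server-side
    session; the id parameter is honoured only for the caller's own record
    or when the session user is an admin. A denied request gets an empty
    403 (checked before the record lookup, so it cannot be used to
    enumerate valid usernames), never a redirect that still carries the
    sensitive body."""
    session_user = SESSIONS.get(cookies.get("session", ""))
    if session_user is None:
        return 401, None
    role = USERS[session_user]["role"]
    requested = params.get("id", session_user)
    if requested != session_user and role != "admin":
        return 403, None
    record = USERS.get(requested)
    if record is None:
        return 404, None
    body = {
        "username": requested,
        "apikey": record["apikey"],
        "admin_panel": role == "admin",
    }
    return 200, body


if __name__ == "__main__":
    # wiener, logged in, asks for the administrator's record and claims admin
    attack = ({"session": "sess-wiener", "Admin": "true"}, {"id": "administrator"})
    print("vulnerable:", my_account_vulnerable(*attack))
    print("fixed:     ", my_account_fixed(*attack))
```

The fixed handler deliberately decides the authorisation question before it touches the data store, and returns nothing in the denied branch; both points matter for the redirect-leakage and password-disclosure variants above, where the bug is not the lookup itself but what the response still carries after the check fails.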