Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.

Getting Started

Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.

Additionally, there are coursework levels where you can hunt for bugs and experiment with exploitation in practice. As you work through the content, try out the coursework to see what you can find!

Sessions

• Introduction
• The Web In Depth
• XSS and Authorization
• SQL Injection and Friends
• Session Fixation
• Clickjacking
• File Inclusion Bugs
• File Upload Bugs
• Null Termination Bugs
• Unchecked Redirects
• Password Storage
• Crypto series
  • Crypto Crash Course
  • Crypto Attacks
  • Crypto Wrap-Up

Vulnerabilities

• Clickjacking
• Command Injection
• Cross-Site Request Forgery (CSRF)
• Directory Traversal
• Local/Remote File Inclusion
• Improper Authorization
• Insecure Password Storage
• Improper Handling of Null Termination
• Padding Oracle
• Reflected Cross-Site Scripting (XSS)
• Session Fixation
• SQL Injection
• Stored Cross-Site Scripting (XSS)
• Stream Cipher Key Reuse
• Subdomain Takeover
• Unchecked Redirect

Coursework

• Level 0: Breakerbank
• Level 1: Breakbook
• Level 2: Breaker Profile
• Level 3: Breaker CMS
• Level 4: Breaker News
• Level 5: Document Repository
• Level 6: Student Center
• Level 7: Guardian
• Level 8: Document Exchange

Help and FAQ

See our FAQ list at https://www.hackerone.com/hacker101 or email [email protected] with questions or suggestions. Thanks!