Unlock enhanced API scanning with Burp Suite Enterprise Edition  –  Learn more

Who is behind the Web Security Academy?

The Web Security Academy is primarily maintained by a small team at PortSwigger, the makers of Burp Suite.

The core content was originally created by PortSwigger founder, Dafydd Stuttard. Rather than publish a third edition of the Web Application Hacker's Handbook, which he co-authored with his former colleague, Marcus Pinto, Daf decided to create a completely free, interactive, online learning platform.

Since then, we've kept our Academy up to date with the latest developments and discoveries from the rapidly evolving world of web security, including the cutting-edge techniques our world-renowned research team are pioneering.

Our experts have also designed missions that enable you to test and hone your skills by completing specific tasks. You'll tackle these in our labs - controlled environments that mimic vulnerable websites you might encounter out in the wilds of the web.

Community contributions

We're delighted to have such an enthusiastic community of users consisting of both experienced web security professionals and novice users who are just learning the fundamentals.

We'd like to thank the following Academy users, who have all created video walkthroughs and explanations for some of our labs:

Rana Khalil, Michael Sommer, z3nsh3ll, Intigriti, Emanuele Picariello, nu11 security, Garr_7

If you're interested in contributing your own videos, check out our video submission guidelines for details on how to do this.

Inspiration from the community

Our team are constantly on the lookout for cool new research and novel techniques. It's impossible to credit everyone, but we'd like to thank the following members of the web security community for sharing their findings, which we've integrated into our learning materials and labs:

Orange Tsai, Mikhail Klyuchnikov, PTSwarm, Szymon Drosdzol, CODE WHITE, GoSecure, Soroush Dalili

Note that we've received so many great contributions to our Cross-site scripting (XSS) cheat sheet that we maintain a separate credit list.