Unlock enhanced API scanning with Burp Suite Enterprise Edition  –  Learn more

The Web Application Hacker's Handbook

For over a decade, The Web Application Hacker's Handbook (WAHH) has been the de facto standard reference book for people who are learning about web security.

Very many people have asked for a third edition of WAHH. But rather than produce another printed book with non-interactive content that slowly goes out of date, we've decided to create the Web Security Academy instead.

The Web Security Academy contains high-quality learning materials, interactive vulnerability labs, and video tutorials. You can learn at your own pace, wherever and whenever suits you. Best of all, everything is free!

The Web Security Academy is a living resource that we'll continue updating with new material and labs, covering the latest developments in web security research. We very much hope that the Web Security Academy will fulfill the purpose that The Web Application Hacker's Handbook has done in the past, and help the next generation of web hackers acquire the skills and knowledge that they need.

Access the Web Security Academy