In this project, I focused on learning technical skills from PortSwigger Academy while also gaining proficiency with the Burp Suite application, in the hope of becoming Burp Suite certified in the future. I also wanted this project to give me some more motivation to keep teaching myself skills outside of uni courses.

Each lab is colour-coded using the same colours as PortSwigger Academy.

None of the notes are complete; they mostly only cover the labs I completed.

Callout blocks like the one below contain a short reflection or further thoughts on some labs.

<aside> 🧠 reflection

</aside>

To the left is the contents table listing each topic I attempted labs from. Below you'll find goals I created, edited, and tracked throughout the project. These include overall goals for the project and smaller goals I set for accountability and motivation. They are followed by the notes and writeups I created for each lab and vulnerability, and a final reflection.

Goals

SQL Injection

Authentication

Directory Traversal

Command Injection

Business Logic Vulnerabilities

Information Disclosure

Access Control

File Upload Vulnerabilities

Server-Side Request Forgery (SSRF)

XML External Entity (XXE) Injection

Final Reflection

<aside> 🧠 Although I managed to meet my big goals in terms of completing labs, even though I changed them a few times, it was unfortunately only due to being able to get an extra extension after getting Covid. I'm really proud that I managed to complete not only one Expert lab but two. As for my goal of giving myself a little more motivation to study outside of uni, it didn't really work, but I think I'll find myself looking forward to gaining further skills in the exploits I've learned so far. I found that setting many small goals (as seen in the goals table) helped me a lot with giving myself a boost of motivation to work on the project, which is why you can see a lot more was done during the last few weeks when I started doing this. A big obstacle I faced during this project was the COMP1531 project, which I found myself putting way too much time into. I even used it as a way to procrastinate on this project in the earlier weeks.

I’m quite satisfied with the amount of things I managed to learn throughout this project, both to do with the actual content I learned and the lessons I learned from them. The latter involved learning

In terms of how much time I managed to spend on the project, each Apprentice lab took me from under an hour to two hours, and I definitely got a little faster at completing them. Practitioner labs took me anywhere from one hour to a few hours, and Expert labs took me two hours or more. In general, the longer the writeup was, the more time I spent on it (time includes solving + writeup). For example, the first Expert lab I completed was the 2FA bypass using a brute-force attack, which I spent around 6 or 8 hours on, since I was a bit stubborn about not wanting to look at the solution. On the other Expert lab I worked on, though, I spent around 2 hours before looking at the solution. Adding everything up, I did end up spending around 30 hours on the project.

</aside>