<aside> ⚠️ Only weeks 1-19 are available. After that, you'll be able to continue on your own. Note: For those who have free time: these bugs are not meant to take a whole week. If you have time, you can spend much less than that.

</aside>

<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/de05c9e5-eb00-4fcc-af4a-96e3e9589e4e/11096817.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/de05c9e5-eb00-4fcc-af4a-96e3e9589e4e/11096817.png" width="40px" /> Month 1 - Development

Pre-web

Week 1 FrontEnd

Week 2 BackEnd

Week 3 Database

Week 4 Final Project

</aside>

<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/8aef15cd-2098-4e64-9dd3-feff327bf01a/web-coding.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/8aef15cd-2098-4e64-9dd3-feff327bf01a/web-coding.png" width="40px" />

Month 2 - WEB Pentest

Pentesting tools

Week 5 “Access control”

Week 6 “Subdomain Takeover”

Week 7 “Authentication + Information disclosure + Google Dorks”

Week 8 “OS command injection + Path traversal & LFI”

</aside>

<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/8d18de6f-e1bf-4937-ba8c-0ed4b827bbf6/11299058.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/8d18de6f-e1bf-4937-ba8c-0ed4b827bbf6/11299058.png" width="40px" />

Month 3 - WEB Pentest + Recon

Week 9 “ File Upload + Recon “

Week 10 “CSRF & CORS & recon“

Week 11 SSRF + Logic bugs +recon

Week 12 XSS + DOM based vulnerabilities + recon

</aside>

<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" width="40px" />

Month 4 - WEB Pentest + Pentesting meth + hunting

Week 13 SQLI

Week 14 “JWT + SSTI”

Week 15 Web sockets + Race condition

Week 16 HTTP{ Host header attacks & request smuggling}

</aside>

<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" width="40px" />

Month 5 - WEB Pentest + automation

Week 16 XXE + Clickjacking

Week 17 Insecure deserialization

Week 18 OAuth

Week 19 Web cache { poisoning & deception }

</aside>

<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" width="40px" />

Month 6 - Rest of vulnerabilities + API

Week 20

Week 21

Week 22

Week 23

</aside>

<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/2ab6ea37-5cd9-465e-a988-79fae76207cd/e9a2435e-04bb-4494-8963-7233ef2b629b/6107206.png" width="40px" />

Month 7 - Vulnerability chaining + Cloud

</aside>