We make learning Web Hacking easier!

We have been teaching web security for years and put together well thought-out exercises to get you from zero to hero. Our exercises cover everything from really basic bugs to advanced vulnerabilities. You will have fun and we will help you in your learning!

Stay Sharp with our Private Exercises!

Get access to private exercises! There are currently 204 private exercises available through PentesterLab PRO:

  • 4 beginner-friendly exercises to get started
  • 60 short exercises to cover most common vulnerabilities
  • 35 short exercises to get more confident with Unix
  • 3 exercises on serialization in Java
  • 5 exercises to learn how to attack thick clients and mobile applications
  • Exercises on recent vulnerabilities
  • ...

And we are publishing new exercises every month!

Learn Online!

Want faster and more portable access to the labs? You can choose to work online! Our most popular and fundamental exercises are available as online labs. You don't need to set up anything; our exercises are waiting for you. Don't spend your time setting up labs, focus on learning!

No VPN! You can directly access the lab from your browser.

A clear path to follow!

Don't know where to start? Don't know what you need to learn? Follow our path to mastering web security:

Earn certifications!

Want to show all your hard work to your employer? We have built a way to demonstrate the completion of online exercises. All online exercises allow you to "score". Once you score all the exercises of a badge, you receive a certificate of completion. We have already issued 11793 certificates.

11 different certificates are already available, including the Unix Badge (35 exercises), the Essential Badge (60 exercises), the Intercept Badge (5 exercises) and the Serialize Badge (5 exercises).

And we are currently rolling out the Orange Badge, the Android Badge and the PCAP Badge!

Money back guarantee

We are so sure you’ll be happy with your purchase that we offer a “15-Day Money-Back Guarantee”. If for any reason you wish to discontinue using the PRO version, we will promptly issue a refund.

"I just finished the Intercept (MiTM) Badge. I think it’s one of the best on offer, not least because it forces students to figure out how to set up an internet-facing DNS server. DNS and TLS man-in-the-middle attacks I think are some of the most fundamental in web security. I’m really glad to now have some hands-on experience with a few basic examples. The course material and videos are exactly what I needed to quickly learn and execute on the subject matter."

Andy Acer Web / Mobile Pen Tester

or Subscribe for one year and get 2 months free

Get some awesome stickers

When you join PentesterLab PRO, you can give us your address and we will send you some awesome stickers:

Learn by watching!

Follow our step-by-step videos on how to exploit the vulnerabilities covered in each exercise. Learn some tips and tricks!
178 videos are already available (around 11 hours and 53 minutes), covering our best exercises.

We are also adding videos on an ongoing basis!

Still not convinced?

Check this in-depth review:
"After completing my fourth badge on PentesterLab, I have enjoyed it so much that I thought I would pass on the word on what a great learning resource it is. If I had to summarise it in one sentence, I would say an extremely well written educational site about web application pentesting that caters to all skill levels and makes it easy to learn at an incredibly affordable price"


The exercises and course content provided by PentesterLab have allowed me to continually excel in bug bounties and penetration testing in my career by ensuring that I am well aware of the techniques, methods and attack vectors that any good pentester should know. As PentesterLab Pro does not require you to set up VMs, more time has been spent on learning and applying rather than simply setting up labs or vulnerable VMs. The return received from subscribing to PentesterLab has been far greater than the little investment that I have put in.

Shubham Shah (@infosec_au) Senior Security Analyst

... I just completed the JSON Web Token exercise and learned so much! As a matter of fact, I've learned tons already from just doing the first few exercises. I wish I would have found your site sooner. It's by far the best way to learn web app security!

Chris Green Security Analyst

Any questions?
Check out our FAQ or email us.

"PentesterLab is an awesome resource to get hands-on, especially for newbies in web penetration testing or pentesting in general. It gives insights to possible web security flaws, their behavior and approaches that can be taken to exploit them. More of, it does help in developing a hacker-like mindset. Kudos & Thanks to PentesterLab!!"

Saurabh Nigam (@saurabhcnigam) Security Engineer

I consider PentesterLab to be a great resource for learning about web application security and ways how it can be subverted. Even though the exercises usually don’t take much time to complete they can teach a lot. I can’t but recommend it, especially to any aspiring junior penetration testers out there.

Jan Kopriva CSIRT Team Leader

PentesterLab is a great way to practice testing skills and learn new attacks. For the time-poor, the new online exercises allow you to have an exercise ready at a moment's notice. Many of the more difficult exercises really make you stop and think deeply about the vulnerability and how to approach exploiting it. I've especially been enjoying the new Serialization exercises.

. Senior Security Consultant and Ethical Hacker.

"... it's a fantastic way of learning. I have been a web application security guy but I feel your courses have something more..."



Payments are processed using Stripe. Your credit card number does not even go through our server. You can learn more about their security here.

For one-off payments (multiple users, enterprise license, PayPal, Bitcoin), contact pro _at_ pentesterlab _dot_ com.