Authentication Vulnerabilities - Lab #5 Username enumeration via response timing | Long Version

In this video, we cover Lab #5 in the Authentication module of the Web Security Academy. This lab is vulnerable to username enumeration using its response times. To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.

Your credentials: wiener:peter
Candidate usernames: https://portswigger.net/web-security/...
Candidate passwords: https://portswigger.net/web-security/...

▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: https://academy.ranakhalil.com/p/web-...

▬ 📚 Contents of this video 📚 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:11 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:22 - Navigation to the exercise
01:50 - Understand the exercise and make notes about what is required to solve it
02:20 - Exploit the lab
14:47 - Summary
15:09 - Thank You

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Notes.txt document: https://github.com/rkhal101/Web-Secur...
Web Security Academy Lab Exercise: https://portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil
