What people say
"Created by the guys who wrote the book on App Sec, excellent and eye opening!"
Rob Fuller, Rapid7
"If you invest enough time on these labs you will be a better hacker... for sure!"
"To say that Daf and Marcus know their stuff is a massive understatement."
MDSec was created by Marcus Pinto and Dafydd Stuttard. We are professional security consultants who have been performing web application penetration testing and training for more than a decade.
Together, we wrote the critically-acclaimed Web Application Hacker's Handbook series, which is the most deep and comprehensive general purpose guide to attacking and defending web applications that is currently available. The second edition of our book uses the MDSec lab exercises as practical examples throughout the book.
We have presented training courses on web application security at numerous high-profile venues around the world, including Black Hat, Syscan, Hack in the Box, and 44Con. Our online training labs are the product of many years of experience and feedback from delivering training courses at venues in the US, Europe, Asia and the Middle East.
We have led security teams at several consultancies, and have worked with all kinds of organizations to test and secure their web applications, including banks, retailers, governments and software developers.
Under the alias "PortSwigger", Dafydd created Burp Suite, which is the leading toolkit for web application security testing, and for many years has pushed the boundaries of techniques for automated and manual web security testing.