Web Security Academy Module Progress Information Disclosure 5 / 5 Server-side template injection 6 / 6 OS command injection 3 / 5 Path traversal 7 / 7 Business Logic 2 / 11 Access Control 4 / 13