Introduction

What?

Notes on techniques

Why?

Tackle challenges in determining and exploring vulnerabilities in web applications.

How?

• Cross-site scripting (XSS)

• Open redirection

• Clickjacking

• Cross-site request forgery (CSRF)

• Insecure direct object references (IDOR)

• SQL injection

• Race conditions

• Server-side request forgery (SSRF)

• Insecure deserialisation

• XML external entity (XXE) injection

• Web cache poisoning

• HTTP Request smuggling

• Template injection (SSTI)

• Authentication vulnerabilities

• Single-sign-on security (SSO)

• Broken access control

• Application logic errors

• HTTP Host header attacks

• Websocket vulnerabilities

• Remote code execution (RCE)

• Same-origin policy (SOP)

• Information disclosure

• File uploads

• JSON web tokens attacks

• Prototype pollution