Application Logic Flaws
Application Logic Flaws — methodology, techniques, and references.
Arbitrary Cookie Flags — methodology, techniques, and references.
Back button attack — methodology, techniques, and references.
Broken Authentication — methodology, techniques, and references.
BruteForce Attack — methodology, techniques, and references.
Captcha Bypass — methodology, techniques, and references.
This repository hosts a professional Proof of Concept (PoC) showcasing the Clickjacking vulnerability in web applications. Clickjacking represents a…
Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a…
Command Injection — methodology, techniques, and references.
CORS — methodology, techniques, and references.
Credential Stuffing — methodology, techniques, and references.
CRLF — methodology, techniques, and references.
Cross-Site Request Forgery (CSRF) is an attack that tricks a user into executing unwanted actions on a web application where they are authenticated. By…
1. User Input: Test serialized data from forms, APIs, or URL parameters.
Directory Traversal — methodology, techniques, and references.
GraphQL Injection — methodology, techniques, and references.
Host Header Injection — methodology, techniques, and references.
DOM-based XSS occurs when the vulnerability is in the JavaScript code running in the browser, rather than in the server-side response. The malicious…
HTTP Request Smuggling — methodology, techniques, and references.
A Markdown table and cheatsheet for IDOR (Insecure Direct Object Reference) payloads, bypasses, and…
Improper Error Handling — methodology, techniques, and references.
Information Disclosure — methodology, techniques, and references.
Insecure Object Storage — methodology, techniques, and references.
Insufficient Security Controls — methodology, techniques, and references.
Insufficient Transport Layer Protection — methodology, techniques, and references.
JWT Attacks — methodology, techniques, and references.
Misconfigured HTTP Headers — methodology, techniques, and references.
This page covers the specific angle of upload functionality and uploaded files being exposed without proper access control. For full exploitation of…
Open Redirect — methodology, techniques, and references.
Outdated TLS Version — methodology, techniques, and references.
Path Traversal — methodology, techniques, and references.
Privilege Escalation — methodology, techniques, and references.
Race Condition — methodology, techniques, and references.
Remote Code Execution (RCE) — methodology, techniques, and references.
Unlike first-order SQLi, the injection doesn’t happen right away; it’s triggered in a separate step, often in a different part of the application.
Security Header Missing — methodology, techniques, and references.
Server Misconfigurations — methodology, techniques, and references.
Server-Side Template Injection (SSTI) is a type of security vulnerability that occurs when user input is insecurely embedded in server-side templates,…
Session Fixation — methodology, techniques, and references.
The impact of a successful SQL Injection attack can be severe, affecting the integrity, confidentiality, and availability of data. Some of the most…
SSRF — methodology, techniques, and references.
Tabnabbing — methodology, techniques, and references.
Unrestricted File Upload — methodology, techniques, and references.
Unsecured API Endpoints — methodology, techniques, and references.
Unvalidated Redirects and Forwards — methodology, techniques, and references.
Weak Ciphers — methodology, techniques, and references.
Welcome to the Web Application Penetration Testing repository. You will get help with OWASP standard references, as well as common test cases that get…
Downloadable reference documents and PDFs for Web Application Pentesting.
Web Cache Deception — methodology, techniques, and references.
Web Cache Poisoning — methodology, techniques, and references.
Web LLM Prompt Injection — methodology, techniques, and references.
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing…
Bypassing WAF (Web Application Firewall) in XSS (Cross-Site Scripting) attacks relies on exploiting various techniques and methods to bypass the…
XSS is exploited when the attacker can successfully execute any type of script (for example, JavaScript) on the victim's browser. These types of flaws…