Web attacks

Methodology & Academy OWASP Top 10 Avoid Aggressive Scanning Web Enumeration Fuzzing Bypass 403 / 401 Bypass 302 Registration Form Email Verification Bypass Email injections Phone Number Injection Login Forms Attacks Bypass Captcha SSO 2FA / OTP Password Reset SQL Injection NoSQL injection LDAP Injection XSS SSI / ESI Injection CSP Bypass File Inclusion LFI / RFI File Upload Attacks Command Injection Markdown injection XPath Injection HTTP Verb Tampering HTTP Header Exploitation HTTP Request Smuggling Price / Checkout Manipulation Methods Testing Credit Cards Cookies Misconfiguration Basic HTTP Authentification JWT Token IDOR XXE / XSLT SSTI CSTI SSRF CSRF CORS Open Redirection CSPT Relative Path Overwrite, RPO CRLF Injection JSON Attack Prototype Pollution Web Mass Assignment Web Cache Clickjacking Tabnabbing Race Conditons CSV Injection CSS Exfiltration WAF Bypass CMS Django Flask / Werkzeug Tomcat (8080)Tomcat CGI Jetty Nginx IIS Exchange / OWA GitLab Jenkins Splunk Elasticsearch PRTG Network Monitor osTicket ColdFusion Nagios Webmin Slack Moodle Jira Magento Prestashop Docker KeyCloak Jupyter Notebook

PreviousEncryption NextMethodology & Academy