Web

• Vulnerabilities
  • API
  • Authentication
  • Broken access control
  • Business logic vulnerabilities
  • Clickjacking
  • CORS
  • CSRF
  • File upload vulnerabilities
  • GraphQL
  • Host header injection
  • HTTP request smuggling
  • Information disclosure vulnerabilities
  • JWT
  • NoSQL injection
  • Oauth 2.0
  • OS command injection
  • Path traversal
  • Prototype pollution
  • Race conditions
  • SQL injection
  • SSRF
  • SSTI
  • Web cache deception
  • Web cache poisoning
  • Web LLM
  • Websockets
  • XSS
  • XXE
• Web security
  • General obfuscation
  • Javascript and obfuscation
  • Method and headers
  • OAuth
  • SOP CORS pre flight
  • Web cache
• Extra