Security Resources
- Secure Code Explain
  - Insecure Password Reset - Token Exposed in Response
  - Insecure Password Storage
  - Server-side template injection (SSTI)
  - Host Header Injection
  - Unrestricted File Upload
  - Java Deserialization
  - Application-level Denial of Service (DoS)
  - Cross-origin resource sharing (CORS) Misconfiguration
  - Server-Side Request Forgery (SSRF)
  - Insufficient Account Lockout Policy
  - Open Redirection
  - Weak Password Policy
  - Insecure direct object references (IDOR)
  - Remote Code Execution (RCE)
  - Remote File Inclusion (RFI)
  - Clickjacking
  - XXE Injection
  - DOM Cross-Site-Scripting (XSS)
  - Stored Cross-Site-Scripting (XSS)
  - Reflected Cross-Site-Scripting (XSS)
  - SQL Injection
  - Local File Inclusion
  - Secure Cookie not set
  - HttpOnly Flag not set
  - Session Fixation
  - Missing Content-Security-Policy Header
  - HSTS not Implemented
  - Hardcoded Credentials
  - Cross-Site Request Forgery (CSRF)
  - Log Injection
- Security Resources
  - Wordlists
  - Search Engines for Hackers
  - Browser Extensions
  - Out-of-Band Exfiltration Tools
  - Input Sanitization Techniques for Secure Coding
  - HTTP Security Headers
- Vulnerability Explain
- Penetration Testing Tricks