Articles
- Penetration Testing Tricks
- Secure Code Explain
- Application-level Denial of Service (DoS)
- Clickjacking
- Cross-origin resource sharing (CORS) Misconfiguration
- Cross-Site Request Forgery (CSRF)
- DOM Cross-Site-Scripting (XSS)
- Hardcoded Credentials
- Host Header Injection
- HSTS not Implemented
- HttpOnly Flag not set
- Insecure direct object references (IDOR)
- Insecure Password Reset – Token Exposed in Response
- Insecure Password Storage
- Insufficient Account Lockout Policy
- Java Deserialization
- Local File Inclusion
- Log Injection
- Missing Content-Security-Policy Header
- Open Redirection
- Reflected Cross-Site-Scripting (XSS)
- Remote Code Execution (RCE)
- Remote File Inclusion (RFI)
- Secure Cookie not set
- Server-Side Request Forgery (SSRF)
- Server-side template injection (SSTI)
- Session Fixation
- SQL Injection
- Stored Cross-Site-Scripting (XSS)
- Unrestricted File Upload
- Weak Password Policy
- XXE Injection
- Security Resources
- Vulnerability Explain
- Security Roadmap