Articles
- Cross-Site-Scripting (XSS)
- Server-Side Request Forgery (SSRF)
- SQL Injection
- Insecure Direct Object References (IDOR)
- XML External Entity (XXE) Injection
- Remote Code Execution (RCE) and Command Injection
- Local File Inclusion (LFI) and Path Traversal
- Insecure Deserialization
- Open Redirection
- Authentication and JWT Bypass
- Server-Side Template Injection (SSTI)
- Remote File Inclusion (RFI)
- NoSQL Injection
- LDAP and XPath Injection
- CRLF Injection and HTTP Response Splitting
- Host Header Injection
- HTTP Request Smuggling
- Broken Access Control
- Session Fixation
- Clickjacking
- CORS Misconfiguration
- Unrestricted File Upload
- Security Misconfiguration
- Sensitive Data Exposure and Insecure Cryptographic Storage
- Business Logic and Race Condition Vulnerabilities
- GraphQL Security
- API Security and Mass Assignment
- Subdomain Takeover
- Prototype Pollution
- Web Cache Poisoning
- Vulnerable and Outdated Components
- Application-level Denial of Service (DoS)