Security Resources
- Secure Code Explain
- Insecure Password Reset - Token Exposed in Response
- Insecure Password Storage
- Server-side template injection (SSTI)
- Host Header Injection
- Unrestricted File Upload
- Java Deserialization
- Application-level Denial of Service (DoS)
- Cross-origin resource sharing (CORS) Misconfiguration
- Server-Side Request Forgery (SSRF)
- Insufficient Account Lockout Policy
- Open Redirection
- Local File Inclusion
- Insecure direct object references (IDOR)
- Remote Code Execution (RCE)
- Remote File Inclusion (RFI)
- Clickjacking
- XXE Injection
- DOM Cross-Site-Scripting (XSS)
- Stored Cross-Site-Scripting (XSS)
- Reflected Cross-Site-Scripting (XSS)
- Secure Cookie not set
- HttpOnly Flag not set
- Log Injection
- Weak Password Policy
- Session Fixation
- Missing Content-Security-Policy Header
- HSTS not Implemented
- Hardcoded Credentials
- Cross-Site Request Forgery (CSRF)
- SQL Injection
- Security Resources
- Wordlists
- Out-of-Band Exfiltration Tools
- Search Engines for Hackers
- Browser Extensions
- Input Sanitization Techniques for Secure Coding
- HTTP Security Headers
- Vulnerability Explain
- Penetration Testing Tricks
- Graphql [Inprogress]
- 2FA Bypass
- Subdomain Enumeration Tools
- Captcha Bypass
- One-Liners for Bug Bounty
- Security Roadmap