Application Security
1. Introduction to Application Security
2. Foundational Security Principles
3. Secure Software Development Lifecycle
4. Secure Design and Architecture
5. Secure Coding Practices
6. Language-Specific Security Considerations
7. Third-Party Component Security
8. Secrets Management
9. Security Testing Methodologies
10. Common Vulnerability Categories
11. Secure Deployment and Operations
12. Vulnerability Management and Incident Response
13. Specialized Application Security Domains
14. Application Security Program Management
Common Vulnerability Categories

Injection Vulnerabilities
    SQL Injection
        Classic SQL Injection
        Blind SQL Injection
        Time-Based SQL Injection
        Prevention Techniques
    NoSQL Injection
        MongoDB Injection
        CouchDB Injection
        Prevention Strategies
    Command Injection
        OS Command Injection
        Code Injection
        Prevention Methods
    LDAP Injection
        LDAP Query Manipulation
        Prevention Approaches
    XPath Injection
        XPath Query Manipulation
        Prevention Techniques

Cross-Site Scripting
    Reflected XSS
        Attack Mechanics
        Detection Methods
        Prevention Strategies
    Stored XSS
        Persistent XSS Attacks
        Impact Assessment
        Mitigation Techniques
    DOM-Based XSS
        Client-Side Vulnerabilities
        JavaScript Context Issues
        Prevention Approaches
    XSS Prevention
        Output Encoding
        Content Security Policy
        Input Validation

Authentication Vulnerabilities
    Broken Authentication
        Weak Password Policies
        Session Management Flaws
        Credential Exposure
    Session Management Issues
        Session Fixation
        Session Hijacking
        Insecure Session Storage
    Multi-Factor Authentication Bypass
        MFA Implementation Flaws
        Backup Authentication Methods
        Social Engineering Attacks

Authorization Vulnerabilities
    Broken Access Control
        Vertical Privilege Escalation
        Horizontal Privilege Escalation
        Function-Level Access Control
    Insecure Direct Object References
        Parameter Manipulation
        Resource Enumeration
        Access Control Bypass
    Missing Authorization Checks
        Endpoint Protection
        Resource Access Control
        Administrative Function Protection

Data Exposure Vulnerabilities
    Sensitive Data Exposure
        Data in Transit
        Data at Rest
        Data in Memory
    Information Disclosure
        Error Message Disclosure
        Debug Information Exposure
        System Information Leakage
    Cryptographic Failures
        Weak Encryption
        Poor Key Management
        Algorithm Vulnerabilities

Security Misconfiguration
    Default Configurations
        Default Accounts
        Default Passwords
        Unnecessary Services
    Improper Error Handling
        Verbose Error Messages
        Stack Trace Exposure
        Debug Mode in Production
    Missing Security Headers
        HTTP Security Headers
        CORS Misconfiguration
        Content Type Sniffing

Advanced Vulnerability Types
    XML External Entity Attacks
        XXE Attack Vectors
        Prevention Techniques
        Parser Configuration
    Insecure Deserialization
        Object Injection
        Remote Code Execution
        Prevention Strategies
    Server-Side Request Forgery
        SSRF Attack Scenarios
        Internal Network Access
        Prevention Methods
    Cross-Site Request Forgery
        CSRF Attack Mechanics
        Token-Based Protection
        SameSite Cookie Attributes