Useful Links
Computer Science
Cybersecurity
Browser Security and Exploitation
1. Introduction to Browser Security
2. Browser Architecture Fundamentals
3. Web Technology Foundations
4. Browser Security Models
5. Vulnerability Classifications
6. Browser Exploitation Methodology
7. Exploitation Primitives and Techniques
8. JavaScript Engine Exploitation
9. DOM and Rendering Engine Exploitation
10. Browser Hardening and Mitigations
11. Vulnerability Research Methods
12. Browser Extensions and Plugin Security
13. Emerging Attack Surfaces
14. Security Analysis Tools
Vulnerability Classifications
Cross-Site Scripting
Reflected XSS
Input Reflection Mechanisms
URL Parameter Injection
HTTP Header Injection
Stored XSS
Persistent Storage Locations
Database Injection
File System Storage
DOM-Based XSS
Client-Side Injection Points
JavaScript Sink Analysis
Source-to-Sink Flow
Universal XSS
Browser Implementation Bugs
Extension Vulnerabilities
Same-Origin Policy Bypass
XSS Prevention Methods
Input Validation
Output Encoding
Content Security Policy
HttpOnly Cookies
Cross-Site Request Forgery
CSRF Attack Vectors
GET Request Exploitation
POST Request Exploitation
JSON Request Exploitation
CSRF Protection Mechanisms
Synchronizer Tokens
Double Submit Cookies
SameSite Cookie Attribute
Custom Header Verification
Memory Corruption Vulnerabilities
Buffer Overflow Types
Stack Buffer Overflow
Heap Buffer Overflow
Integer Overflow Leading to Buffer Overflow
Use-After-Free Vulnerabilities
Object Lifetime Management
Dangling Pointer Exploitation
Heap Spray Techniques
Type Confusion Attacks
Object Type Verification Bypass
Virtual Function Table Corruption
Dynamic Type System Abuse
Out-of-Bounds Access
Array Index Validation Bypass
Bounds Check Elimination
Speculative Execution Exploitation
Double Fetch Vulnerabilities
Time-of-Check Time-of-Use
Race Condition Exploitation
Kernel-User Space Communication
Logic Vulnerabilities
Authentication Bypass
Session Management Flaws
Authorization Logic Errors
Business Logic Flaws
Workflow Manipulation
State Machine Violations
IPC Logic Vulnerabilities
Message Validation Bypass
Privilege Escalation via IPC
Process Communication Abuse
Side-Channel Attacks
Timing Attacks
Cache Timing Analysis
Network Timing Analysis
Cryptographic Timing Attacks
Speculative Execution Attacks
Spectre Variants
Meltdown Attack
Microarchitectural Data Sampling
Cross-Site Information Leaks
Cross-Origin State Inference
Resource Timing Attacks
Error Message Analysis
Previous
4. Browser Security Models
Go to top
Next
6. Browser Exploitation Methodology