Web Application Penetration Testing
1. Introduction to Web Application Penetration Testing
2. Foundational Web Technologies
3. The Penetration Testing Methodology
4. Setting Up a Testing Environment
5. Information Gathering and Application Mapping
6. Server-Side Vulnerabilities
7. Client-Side Vulnerabilities
8. Authentication and Session Management Testing
9. Application Logic Testing
10. Web Services and API Security Testing
11. Advanced Attack Techniques
12. Reporting and Remediation
Advanced Attack Techniques
  HTTP Request Smuggling
    CL.TE Vulnerabilities
    TE.CL Vulnerabilities
    TE.TE Vulnerabilities
    Detection Techniques
    Exploitation Methods
    Prevention and Mitigation
  HTTP/2 Specific Attacks
    HTTP/2 Request Smuggling
    Stream Multiplexing Abuse
    Header Compression Attacks
    Server Push Vulnerabilities
  WebSocket Security Testing
    WebSocket Handshake Analysis
    Message Manipulation
    Cross-Site WebSocket Hijacking
    Authentication and Authorization
    Input Validation Testing
  Server-Side Includes Injection
    SSI Syntax and Commands
    File Inclusion via SSI
    Remote Code Execution
    Detection and Exploitation
  Expression Language Injection
    EL Syntax Analysis
    Framework-Specific EL Injection
    Remote Code Execution
    Prevention Techniques
  Prototype Pollution
    JavaScript Prototype Chain
    Pollution Vectors
    Client-Side Exploitation
    Server-Side Exploitation
  Deserialization Attacks
    Java Deserialization Gadgets
    .NET Deserialization Chains
    Python Pickle Exploitation
    PHP Object Injection
  Cache Poisoning Attacks
    Web Cache Deception
    HTTP Cache Poisoning
    CDN Cache Manipulation
    Browser Cache Poisoning