Web Application Penetration Testing

7.

Client-Side Vulnerabilities

7.1.

Cross-Site Scripting

7.1.1.

7.1.1.1.

URL-Based Reflection

7.1.1.2.

Form-Based Reflection

7.1.1.3.

HTTP Header Reflection

7.1.2.

7.1.2.1.

Database Storage

7.1.2.2.

File System Storage

7.1.2.3.

Log File Injection

7.1.3.

7.1.3.1.

Source and Sink Analysis

7.1.3.2.

JavaScript Framework Vulnerabilities

7.1.3.3.

Client-Side Template Injection

7.1.4.

XSS Filter Evasion

7.1.4.1.

Encoding Techniques

7.1.4.2.

Polyglot Payloads

7.1.4.3.

Context-Specific Bypasses

7.1.5.

XSS Exploitation Techniques

7.1.5.1.

Session Token Theft

7.1.5.2.

7.1.5.3.

Phishing Attacks

7.1.5.4.

7.1.6.

Prevention and Mitigation

7.1.6.1.

Input Validation

7.1.6.2.

Output Encoding

7.1.6.3.

Content Security Policy

7.2.

Cross-Site Request Forgery

7.2.1.

7.2.2.

POST-Based CSRF

7.2.3.

JSON-Based CSRF

7.2.4.

CSRF Token Bypass Techniques

7.2.5.

SameSite Cookie Bypass

7.2.6.

Prevention and Mitigation

7.3.

Clickjacking and UI Redressing

7.3.1.

Basic Clickjacking

7.3.2.

7.3.3.

7.3.4.

Drag and Drop Attacks

7.3.5.

Prevention and Mitigation

7.4.

Cross-Origin Resource Sharing Issues

7.4.1.

CORS Misconfiguration

7.4.2.

Credential Exposure

7.4.3.

Subdomain Takeover via CORS

7.4.4.

Prevention and Mitigation

7.5.

DOM-Based Vulnerabilities

7.5.1.

7.5.2.

Client-Side Path Traversal

7.5.3.

Open Redirection

7.5.4.

Prevention and Mitigation

7.6.

Web Storage Security Issues

7.6.1.

Local Storage Vulnerabilities

7.6.2.

Session Storage Risks

7.6.3.

IndexedDB Security

7.6.4.

Prevention and Mitigation

7.7.

Content Security Policy Bypass

7.7.1.

Script-src Bypass Techniques

7.7.2.

Object-src Exploitation

7.7.3.

Base-uri Manipulation

7.7.4.

Prevention and Mitigation

Previous

6. Server-Side Vulnerabilities

Go to top

Next

8. Authentication and Session Management Testing