Web Pentesting
Web application pen testing helps identify real-world attacks that could succeed at accessing these systems. It identifies vulnerabilities. Web application pen testing identifies loopholes in applications or vulnerable routes in infrastructure—before an attacker does. It helps confirm security policies.
-
Web Pentesting
Web application pen testing helps identify real-world attacks that could succeed at accessing these systems. It identifies vulnerabilities. Web application pen testing identifies loopholes in applicat...
-
IDOR (Insecure Direct Object Reference)
Insecure Direct Object Reference (IDOR) is a security vulnerability where an attacker can access or modify unauthorized data by manipulating input values, such as object identifiers in URLs or API req...
-
SSRF (Server Side Request Forgery)
SSRF (Server Side Request Forgery) is a vulnerability where an attacker manipulates a server to send unintended requests, often leading to unauthorized access of internal services or data.
-
IDOR - L1
Insecure Direct Object Reference (IDOR) is a security vulnerability where an attacker can access or modify unauthorized data by manipulating input values, such as object identifiers in URLs or API req...
-
SQL Injection (Basics)
SQL Injection is a cyberattack where an attacker manipulates SQL queries by injecting malicious input into a web application's database query. This exploit can allow unauthorized access, data leakage,...
-
SQL Injection (Advance)
SQL Injection is a cyberattack where an attacker manipulates SQL queries by injecting malicious input into a web application's database query. This exploit can allow unauthorized access, data leakage,...
-
HTTP request smuggling
HTTP request smuggling is a web attack technique that exploits inconsistencies in the way different servers or components (like proxies and front-end/back-end servers) handle HTTP requests. By craftin...
-
Burp Suite
Burp Suite is a powerful web vulnerability scanner and penetration testing tool used by security professionals to identify and exploit vulnerabilities in web applications. Developed by PortSwigger, it...
-
XML External Entity (XXE)
XML External Entity (XXE) is a type of attack that exploits vulnerabilities in XML parsers. It occurs when an application processes XML input that includes a reference to an external entity. By exploi...
-
Cross-Origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) is a security feature implemented in web browsers that controls how web pages can make requests to a different domain than the one that served the web page. It use...
-
Cross-site scripting (XSS)
Cross-site scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users. These scripts, typically written in JavaScript, can st...
-
JSON Web Token (JWT)
JSON Web Token (JWT) vulnerabilities arise when tokens used for authentication and data exchange are improperly implemented or configured. Common issues include weak signing algorithms (like `none` or...
-
Server-Side Template Injection
Server-Side Template Injection (SSTI) is a web security vulnerability that occurs when user input is unsafely embedded into a server-side template engine. Attackers exploit this by injecting malicious...
-
Broken Access Control
Broken Access Control is a security vulnerability where users can access resources or perform actions outside of their intended permissions. This occurs due to improper enforcement of access restricti...
-
Web App pentesting - (Basics)
Web application penetration testing (basics) involves assessing a web app for security vulnerabilities that could be exploited by attackers. It starts with information gathering, followed by identifyi...
-
Account Takeover
Account takeover (ATO) is a type of cyberattack where an attacker gains unauthorized access to a user's online account, often through stolen credentials, phishing, credential stuffing, or social engin...
Every challenge you skip is a skill left unmastered. Dive in, dominate, and level up!
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
