All learning materials

Cross-origin resource sharing (CORS)
	Same-origin policy (SOP)
	CORS and the Access-Control-Allow-Origin response header
Clickjacking (UI redressing)
Testing for WebSockets security vulnerabilities
	What are WebSockets?
	Cross-site WebSocket hijacking
HTTP request smuggling
	Finding HTTP request smuggling vulnerabilities
	Exploiting HTTP request smuggling vulnerabilities
SQL injection
	SQL injection UNION attacks
	Examining the database in SQL injection attacks
	Blind SQL injection
	SQL injection cheat sheet
Cross-site scripting
	Reflected XSS
	Cross-site scripting contexts
	Cross-site scripting (XSS) cheat sheet
	Stored XSS
	DOM-based XSS
	Exploiting cross-site scripting vulnerabilities
Cross-site request forgery (CSRF)
	Defending against CSRF with SameSite cookies
	XSS vs CSRF
	CSRF tokens
XML external entity (XXE) injection
	XML entities
	Finding and exploiting blind XXE vulnerabilities
Server-side request forgery (SSRF)
	Blind SSRF vulnerabilities
OS command injection
Directory traversal

Want to track your progress and have a more personalized learning experience? (It's free!)