All learning materials

See detailed view

Web cache poisoning
	Exploiting web cache poisoning vulnerabilities
DOM-based vulnerabilities
	Controlling the web-message source
	DOM-based open redirection
	DOM-based cookie manipulation
	DOM-based JavaScript injection
	DOM-based document-domain manipulation
	DOM-based WebSocket-URL poisoning
	DOM-based link manipulation
	Web-message manipulation
	DOM-based Ajax request-header manipulation
	DOM-based local file-path manipulation
	DOM-based client-side SQL injection
	DOM-based HTML5-storage manipulation
	DOM-based client-side XPath injection
	DOM-based client-side JSON injection
	DOM-data manipulation
	DOM-based denial of service
	DOM clobbering
Access control vulnerabilities and privilege escalation
	Access control security models
	Insecure direct object references (IDOR)
Cross-origin resource sharing (CORS)
	Same-origin policy (SOP)
	CORS and the Access-Control-Allow-Origin response header
SQL injection
	SQL injection UNION attacks
	Examining the database in SQL injection attacks
	Blind SQL injection
	SQL injection cheat sheet
Cross-site scripting
	Reflected XSS
	Cross-site scripting contexts
		AngularJS sandbox
	Cross-site scripting (XSS) cheat sheet
	Stored XSS
	DOM-based XSS
	Exploiting cross-site scripting vulnerabilities
	Content security policy
	Dangling markup injection
	How to prevent XSS
Cross-site request forgery (CSRF)
	Defending against CSRF with SameSite cookies
	XSS vs CSRF
	CSRF tokens
XML external entity (XXE) injection
	XML entities
	Finding and exploiting blind XXE vulnerabilities
Clickjacking (UI redressing)
Server-side request forgery (SSRF)
	Blind SSRF vulnerabilities
HTTP request smuggling
	Finding HTTP request smuggling vulnerabilities
	Exploiting HTTP request smuggling vulnerabilities
OS command injection
Directory traversal
Testing for WebSockets security vulnerabilities
	What are WebSockets?
	Cross-site WebSocket hijacking

Want to track your progress and have a more personalized learning experience? (It's free!)