1. Web Security Academy
  2. All materials
  3. Detailed

All learning materials - detailed

Cross-site request forgery (CSRF)
     What is CSRF?
     What is the impact of a CSRF attack?
     How does CSRF work?
     How to construct a CSRF attack
     How to deliver a CSRF exploit
     Preventing CSRF attacks
     Common CSRF vulnerabilities
          Validation of CSRF token depends on request method
          Validation of CSRF token depends on token being present
          CSRF token is not tied to the user session
          CSRF token is tied to a non-session cookie
          CSRF token is simply duplicated in a cookie
     Referer-based defenses against CSRF
          Validation of Referer depends on header being present
          Validation of Referer can by circumvented
     Defending against CSRF with SameSite cookies
     XSS vs CSRF
          What is the difference between XSS and CSRF?
          Can CSRF tokens prevent XSS attacks?
     CSRF tokens
          What are CSRF tokens?
          How should CSRF tokens be generated?
          How should CSRF tokens be transmitted?
          How should CSRF tokens be validated?
Server-side request forgery (SSRF)
     What is SSRF?
     What is the impact of SSRF attacks?
     Common SSRF attacks
          SSRF attacks against the server itself
          SSRF attacks against other back-end systems
     Circumventing common SSRF defenses
          SSRF with blacklist-based input filters
          SSRF with whitelist-based input filters
          Bypassing SSRF filters via open redirection
     Blind SSRF vulnerabilities
     Finding hidden attack surface for SSRF vulnerabilities
          Partial URLs in requests
          URLs within data formats
          SSRF via the Referer header
     Blind SSRF vulnerabilities
          What is blind SSRF?
          What is the impact of blind SSRF vulnerabilities?
          How to find and exploit blind SSRF vulnerabilities
XML external entity (XXE) injection
     What is XML external entity injection?
     How do XXE vulnerabilities arise?
     What are the types of XXE attacks?
     Exploiting XXE to retrieve files
     Exploiting XXE to perform SSRF attacks
     Blind XXE vulnerabilities
     Finding hidden attack surface for XXE injection
          XInclude attacks
          XXE attacks via file upload
          XXE attacks via modified content type
     How to find and test for XXE vulnerabilities
     How to prevent XXE vulnerabilities
     XML entities
          What is XML?
          What are XML entities?
          What is document type definition?
          What are XML custom entities?
          What are XML external entities?
     Finding and exploiting blind XXE vulnerabilities
          What is blind XXE?
          Detecting blind XXE using out-of-band (OAST) techniques
          Exploiting blind XXE to exfiltrate data out-of-band
          Exploiting blind XXE to retrieve data via error messages
          Exploiting blind XXE by repurposing a local DTD
               Locating an existing DTD file to repurpose
SQL injection
     What is SQL injection?
     Retrieving hidden data
     Subverting application logic
     Retrieving data from other database tables
     Examining the database
     Blind SQL injection vulnerabilities
     Detecting SQL injection vulnerabilities
     SQL injection in different parts of the query
     Second-order SQL injection
     Database-specific factors
     Preventing SQL injection
     SQL injection UNION attacks
          Determining the number of columns required in an SQL injection UNION attack
          Finding columns with a useful data type in an SQL injection UNION attack
          Using an SQL injection UNION attack to retrieve interesting data
          Retrieving multiple values within a single column
     Examining the database in SQL injection attacks
          Querying the database type and version
          Listing the contents of the database
               Equivalent to information schema on Oracle
     SQL injection cheat sheet
          String concatenation
          Database version
          Database contents
          Conditional errors
          Batched (or stacked) queries
          Time delays
          Conditional time delays
          DNS lookup
          DNS lookup with data exfiltration
     Blind SQL injection
          Exploiting blind SQL injection by triggering conditional responses
          Inducing conditional responses by triggering SQL errors
          Exploiting blind SQL injection by triggering time delays
          Exploiting blind SQL injection using out-of-band (OAST) techniques
Cross-site scripting
     What is cross-site scripting (XSS)?
     How does XSS work?
     What are the types of XSS attacks?
     Reflected cross-site scripting
     Stored cross-site scripting
     DOM-based cross-site scripting
     What can XSS be used for?
     Impact of XSS vulnerabilities
     How to find and test for XSS vulnerabilities
     How to prevent XSS attacks
     Common questions about cross-site scripting
     Reflected cross-site scripting
          Impact of reflected XSS vulnerabilities
          Reflected XSS in different contexts
          Finding reflected XSS vulnerabilities
     Cross-site scripting contexts
          XSS between HTML tags
          XSS in HTML tag attributes
          XSS into JavaScript
               Terminating the existing script
               Breaking out of a JavaScript string
               Making use of HTML-encoding
               XSS in JavaScript template literals
     Stored cross-site scripting
          Impact of stored XSS vulnerabilities
          Stored XSS in different contexts
          Finding stored XSS vulnerabilities
     DOM-based cross-site scripting
          Testing for DOM-based cross-site scripting
               Testing HTML sinks
               Testing JavaScript execution sinks
          Exploiting DOM XSS with different sources and sinks
          DOM XSS combined with reflected and stored data
     Exploiting cross-site scripting vulnerabilities
          Exploiting cross-site scripting to steal cookies
          Exploiting cross-site scripting to capture passwords
          Exploiting cross-site scripting to perform CSRF
OS command injection
     What is OS command injection?
     Executing arbitrary commands
     Useful commands
     Blind OS command injection vulnerabilities
          Detecting blind OS command injection using time delays
          Exploiting blind OS command injection by redirecting output
          Exploiting blind OS command injection using out-of-band (OAST) techniques
     Ways of injecting OS commands
     Preventing OS command injection
File path traversal
     What is file path traversal?
     Reading arbitrary files via directory traversal
     Common obstacles to exploiting file path traversal vulnerabilities
     Preventing directory traversal vulnerabilities

Want to track your progress and have a more personalized learning experience? (It's free!)

Sign up Login