All learning materials - detailed

Cross-site request forgery (CSRF)
	What is CSRF?
	What is the impact of a CSRF attack?
	How does CSRF work?
	How to construct a CSRF attack
	How to deliver a CSRF exploit
	Preventing CSRF attacks
	Common CSRF vulnerabilities
		Validation of CSRF token depends on request method
		Validation of CSRF token depends on token being present
		CSRF token is not tied to the user session
		CSRF token is tied to a non-session cookie
		CSRF token is simply duplicated in a cookie
	Referer-based defenses against CSRF
		Validation of Referer depends on header being present
		Validation of Referer can by circumvented
	Defending against CSRF with SameSite cookies
	XSS vs CSRF
		What is the difference between XSS and CSRF?
		Can CSRF tokens prevent XSS attacks?
	CSRF tokens
		What are CSRF tokens?
		How should CSRF tokens be generated?
		How should CSRF tokens be transmitted?
		How should CSRF tokens be validated?
Server-side request forgery (SSRF)
	What is SSRF?
	What is the impact of SSRF attacks?
	Common SSRF attacks
		SSRF attacks against the server itself
		SSRF attacks against other back-end systems
	Circumventing common SSRF defenses
		SSRF with blacklist-based input filters
		SSRF with whitelist-based input filters
		Bypassing SSRF filters via open redirection
	Blind SSRF vulnerabilities
	Finding hidden attack surface for SSRF vulnerabilities
		Partial URLs in requests
		URLs within data formats
		SSRF via the Referer header
	Blind SSRF vulnerabilities
		What is blind SSRF?
		What is the impact of blind SSRF vulnerabilities?
		How to find and exploit blind SSRF vulnerabilities
XML external entity (XXE) injection
	What is XML external entity injection?
	How do XXE vulnerabilities arise?
	What are the types of XXE attacks?
	Exploiting XXE to retrieve files
	Exploiting XXE to perform SSRF attacks
	Blind XXE vulnerabilities
	Finding hidden attack surface for XXE injection
		XInclude attacks
		XXE attacks via file upload
		XXE attacks via modified content type
	How to find and test for XXE vulnerabilities
	How to prevent XXE vulnerabilities
	XML entities
		What is XML?
		What are XML entities?
		What is document type definition?
		What are XML custom entities?
		What are XML external entities?
	Finding and exploiting blind XXE vulnerabilities
		What is blind XXE?
		Detecting blind XXE using out-of-band (OAST) techniques
		Exploiting blind XXE to exfiltrate data out-of-band
		Exploiting blind XXE to retrieve data via error messages
		Exploiting blind XXE by repurposing a local DTD
			Locating an existing DTD file to repurpose
SQL injection
	What is SQL injection?
	Retrieving hidden data
	Subverting application logic
	Retrieving data from other database tables
	Examining the database
	Blind SQL injection vulnerabilities
	Detecting SQL injection vulnerabilities
	SQL injection in different parts of the query
	Second-order SQL injection
	Database-specific factors
	Preventing SQL injection
	SQL injection UNION attacks
		Determining the number of columns required in an SQL injection UNION attack
		Finding columns with a useful data type in an SQL injection UNION attack
		Using an SQL injection UNION attack to retrieve interesting data
		Retrieving multiple values within a single column
	Examining the database in SQL injection attacks
		Querying the database type and version
		Listing the contents of the database
			Equivalent to information schema on Oracle
	SQL injection cheat sheet
		String concatenation
		Comments
		Database version
		Database contents
		Conditional errors
		Batched (or stacked) queries
		Time delays
		Conditional time delays
		DNS lookup
		DNS lookup with data exfiltration
	Blind SQL injection
		Exploiting blind SQL injection by triggering conditional responses
		Inducing conditional responses by triggering SQL errors
		Exploiting blind SQL injection by triggering time delays
		Exploiting blind SQL injection using out-of-band (OAST) techniques
Cross-site scripting
	What is cross-site scripting (XSS)?
	How does XSS work?
	What are the types of XSS attacks?
	Reflected cross-site scripting
	Stored cross-site scripting
	DOM-based cross-site scripting
	What can XSS be used for?
	Impact of XSS vulnerabilities
	How to find and test for XSS vulnerabilities
	How to prevent XSS attacks
	Common questions about cross-site scripting
	Reflected cross-site scripting
		Impact of reflected XSS vulnerabilities
		Reflected XSS in different contexts
		Finding reflected XSS vulnerabilities
	Cross-site scripting contexts
		XSS between HTML tags
		XSS in HTML tag attributes
		XSS into JavaScript
			Terminating the existing script
			Breaking out of a JavaScript string
			Making use of HTML-encoding
			XSS in JavaScript template literals
	Stored cross-site scripting
		Impact of stored XSS vulnerabilities
		Stored XSS in different contexts
		Finding stored XSS vulnerabilities
	DOM-based cross-site scripting
		Testing for DOM-based cross-site scripting
			Testing HTML sinks
			Testing JavaScript execution sinks
		Exploiting DOM XSS with different sources and sinks
		DOM XSS combined with reflected and stored data
	Exploiting cross-site scripting vulnerabilities
		Exploiting cross-site scripting to steal cookies
		Exploiting cross-site scripting to capture passwords
		Exploiting cross-site scripting to perform CSRF
OS command injection
	What is OS command injection?
	Executing arbitrary commands
	Useful commands
	Blind OS command injection vulnerabilities
		Detecting blind OS command injection using time delays
		Exploiting blind OS command injection by redirecting output
		Exploiting blind OS command injection using out-of-band (OAST) techniques
	Ways of injecting OS commands
	Preventing OS command injection
File path traversal
	What is file path traversal?
	Reading arbitrary files via directory traversal
	Common obstacles to exploiting file path traversal vulnerabilities
	Preventing directory traversal vulnerabilities

Want to track your progress and have a more personalized learning experience? (It's free!)