# PortSwigger-Web Security Academy ## Serve-side topics ### 1. [SQL injection](https://hackmd.io/BmrBTczeQeCjKBPS6yJfpw) <- 點這裡 ### 2. [Authentication](https://hackmd.io/szXuRJFMRA2SE5xBBitbLA) ### 3. [Directory traversal](https://hackmd.io/vz28mxytTL-WXWqUx06BIA) ### 4. [Command injection](https://hackmd.io/l7ZPeV3uR1aR3fFD8NrUww) ### 5. [Business logic vulnerablilities](https://hackmd.io/PubjGlLiRkK54QHpqNwEXA) ### 6. [Information disclosure vulnerabilities](https://hackmd.io/c536WFIiRU6ukJ2qNECZgg) ### 7. [Access control](https://hackmd.io/Hw-VJm48TyqpcHUByimy-A) ### 8. [File upload vulnerabilities](https://hackmd.io/Gxb9ckeJRFG04MYUwyoT3w) ### 9. [Server-side request forgery(SSRF)](/c_wn9ntCQNWZvk4Pxvs1tw) ### 10. [XXE injection](https://hackmd.io/VahGhpxURSKJQ_tfXcNd8Q) ## Client-side topics ### 11. [Cross-site scripting(XSS)](https://hackmd.io/PforcWyuTWaM3HgmB7UHvQ) ### 12. [Cross-site request forgery(CSRF)](https://hackmd.io/PQybs1IcQvK_nJR8do9k5w) ### 13. [Cross-origin resource sharing(CORS)](https://hackmd.io/PPc3bzCoT1Kv3ccLULVCqA) ### 14. [Clickjacking(UI redressing)](/4fALXYmoTq693CTd5nu5ew) ### 15. [DOM-based vulnerabilities](https://hackmd.io/VVBCS9gvRym-TCNe30ogMw) ### 16. [WebSockets](https://hackmd.io/DR3367rtQOagriUzl2HqJg) ## Advanced topics ### 17. [Insecure deserialization](https://hackmd.io/tOadta_BTByFBLvVR2Zypw) ### 18. [Testing GraphQL APIs](/_Nod2lVCTD-1dcKvRlUPig) ### 19. [Server-side template injection](https://hackmd.io/XVqKZfxFTDS6QSrm3VhZ1g) ### 20. [Web cache poisoning](https://hackmd.io/eSzJm-ONRQKPJTPd3ZDNlA) ### 21. [HTTP Host header attacks](https://hackmd.io/ehF--fm2S_i9Up3wbPcNeQ) ### 22. [HTTP request smuggling](https://hackmd.io/ml3_lYUwSCq-GiJ6xmbggQ) ### 23. [OAuth authentication](https://hackmd.io/Ouu-l5xPRO-rH6vSw16KLA) ### 24. [JWT attacks](https://hackmd.io/ZkfXeYXJRBuWJubne-retQ) ### 25. [Prototype pollution](https://hackmd.io/TE0jRgQyTHiiUS86vzirpA) ### 26. [Essential skills](https://hackmd.io/p3WuP2HnQgOzGWCOqRVC4w)