###### `portswigger` `webSecurity`

## Server-side

### [SQL injection](/bEvD9yHKQWCYlIwot2w4og)
### [Command Injection](/Y0z1HiZjQwK0IzK9VYlk9g)
### [Authentication Bypass - 2](/x6xk3T85Qi2Q8u1ZMq2KvQ)
### [Path Traversal](/G2ckQsiwS8KIoKOYX8VJRA)
### [Access Control - 1](/1dN42VjGQqS1dQTrmDQI0A)
### [Business Logic Flaw - 1](/hdWThTv3S_ioGmODfp6-Kg)
### [Server Side Request Forgery - 1](/WqcpyRZoSf6gxxsfgsIUdQ)
### [Information Disclosure - 1](/e8f9o4FPSeiMVDHavNJI9w)
### [File Uploads Vulnerability](/0_wtYjFYQXSsYyhJwn0hoQ)
### [XML External Entity Injection](/xvKjEZlGR2qsZkKirjuO1w)
### [NoSQL Injection](/QFw9gv-pRW2YlQaNIR2z4g)
### [API Testing - 1](/4MBNGxXESrGjTG8wZGVsAQ)
### [Web Cache Deception](/niNfs3JaSqO2Vpa5lFGtGQ)
### [Race Conditions](/uAiLqvhVRVCABMZlrPE_PA) (to be added)

## Client-Side

### [Cross-Site Scripting XSS](/B0rv7KJ6QFebaZ9SE5fV5g)
### [Cross-origin resource sharing CORS](/Pn4D2HPlTPySWmxORkPp8Q)
### [DOM-based Vulnerability](/_8Flo1h4SkChYlFzTkXp6Q)
### [Cross Site Request Forgery CSRF](/-g6foOkPQ4WmoODsPF6F1w)
### [Web Socket](/g3QySH8bRBy3fWPp6ZdpmA)

## Advanced

### [OAuth 2.0 authentication vulnerabilities](/WmalDPLhTSy_Bk-HF_Vreg)
### [Web LLM Attack](/NubKQZXkTpOdCOUKPPmkSg)
### [Insecure Deserialization](/7FpY1Es6T6qmE9VeNNr74w)
### [Server Side Template Injection](/9wuC_QJkSDGNe89L6HO2TA)
### [Web cache poisoning](/4NHL-0H_RlGQiosvT5OwoQ)
### [HTTP Host Header Attack](/f8zgwmm9TVq35ExeK7EXVg)
### [HTTP request smuggling](/MwXi2gJRTZS-k4JsuPj5Ow)
### [Prototype pollution](/VzTMQSpBRAupJPu_-moIXw)
### [Obfuscation Attack using encoding](/U3h0MVOvSmKh-95A9ZGHgQ)
### [burpsuite Scanner](/ZeDvdWdyQD2qUW81f5qKfQ)

-------------------------------------------

# Web Penetration Testing Reference

- [BurpSuite Document](https://portswigger.net/burp/documentation/desktop)

## [Testing flows](/WGwQcE3mQSeg058349Kjsg)
## [Burp suite Tools](/fwtGNU4mQWK1n8lILcewaQ)
## [Burp suite Setting](/xpa272uOTi-VzPmSJC42lw)

Waiting to be organized:

- [Dynamic Application Security Testing](/g309p0AjT-ShNxkzgz2Mqw)
- [Burp collaborator](/CR8ndXmoSUmYBwvrXZBssA)
- [Burpsuite extension](/Ok5p-JWIRIu9gee-NO_Cgg)

----

- [CTF](/yWzvDkdRRS-WfQDMenXrpA)
- [hackerOne](/Vu7IXRADQLygLHt0dxjUpA)

----

- [HTTP Header cheat sheet](/2AMIEhr3RySqp9GAjjo7Mg)
- [Cheat sheet (web links)](/QNXBbZJgSImS28EKbjs5Sw)
- [Working with HTTP/2 in Burp Suite](/c-EBQ2QMQYGn6JgGPDBU7Q) (to be read)
- [burpsuite troubleshooting](/ZwanGoCISNOCKehAlJ9Q1Q)

---

# Basic Template

### LAB - ??

Valid Credential:

#### Enumeration & Analysis

Attack Surface (Actions-Options)

- SiteMap
- Content Discovery
- Find Script
- Dynamic Parameter (Attack Surface)

#### Identify

**Investigation**
**Flaw Design**
**Defense Mechanism**
**Bypass**

#### Exploit