Tactics, Techniques, and Procedures

Web Applications

Here are the articles in this section:
Access Control
APIs
Authentication
Clickjacking
CORS
Cross Site Request Forgery (CSRF)
File Upload
Google Dorking
GraphQL
HTTP Request Smuggling
Insecure Direct Object Reference (IDOR)
Injection Vulnerabilities
JSON Web Tokens (JWT)
Local File Inclusion (LFI)
OAuth
Open Redirection
Password Reset Poisoning
Prototype Pollution
Race Condition
Rate Limit Bypass
Remote Code Execution (RCE)
Remote File Inclusion (RFI)
Suspicious Parameters
Tooling
WAF Bypasses
WebSockets
Web Cache Deception
Web Cache Poisoning
Last modified 1mo ago