Web Security
Securing web applications and APIs.
More in Web Security
Web Application Firewall (WAF)
What is a WAF? A WAF (Web Application Firewall) is a security solution that operates at OSI Layer 7 (the...
Web Shells and Reverse Shells
1. Web Shells: The Master Key to the Web Server
Secure Code Review
Secure Code Review: Reading Code Through an Attacker’s Eyes in JavaScript and Node.js
HTTP Status Codes
HTTP Status Codes
Browser Extension Penetration Test
Browser Extension Security
JWT Penetration Test
Core JWT Vulnerability Analysis and Attack Scenarios
Simple Object Access Protocol (SOAP)
1. Basic Concepts of SOAP
File Upload Feature Penetration Test
When a file upload feature is present, you should check the following items. Fundamentally, from a developer’s perspective, a whitelist...
Dissecting HTTP Headers
Web Penetration Testing: Dissecting HTTP Headers
Cookie & Session Security
Differences Between Cookies and Sessions
OWASP Top 10 - 2021
2021 Top 10 Web Application Security Risks
OWASP Top 10 - 2017
2017 Top 10 Web Application Security Risks A1:Injection
Injection Attacks Beyond SQL and XSS
1. Command Injection: The Shell is the Limit
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF): When Your Server Becomes an Attacker’s Proxy
Cross-Site Request Forgery (CSRF)
The Cross-Site Request Forgery (CSRF) Attack
Cross-Site Scripting Attack (XSS)
The Cross-Site Scripting Attack
SQL Injection
SQL Injection: When Data Becomes Code