Step-by-step methodology for testing 10 common web vulnerabilities. Each guide includes detection techniques, payload examples, and links to generators.
Learn how to test for reflected, stored, and DOM-based XSS vulnerabilities with step-by-step methodology, payload examples, and remediation guidance.
Step-by-step guide to testing for SQL injection vulnerabilities including error-based, blind, time-based, and UNION-based techniques.
Learn how to identify and exploit Server-Side Request Forgery (SSRF) vulnerabilities to access internal services, cloud metadata, and bypass network restrictions.
Step-by-step guide to finding and exploiting OS command injection vulnerabilities using command separators, inline execution, and blind techniques.
Comprehensive guide to testing file upload functionality for web shell uploads, extension bypasses, content-type manipulation, and path traversal.
Learn how to test JSON Web Token implementations for algorithm confusion, signature bypass, claim manipulation, and key disclosure vulnerabilities.
Guide to finding Insecure Direct Object Reference (IDOR) vulnerabilities by testing access controls on object references like IDs, filenames, and UUIDs.
Learn how to test for XML External Entity (XXE) injection to read local files, perform SSRF, and exfiltrate data via out-of-band channels.
Step-by-step guide to testing for Server-Side Template Injection across Jinja2, Twig, FreeMarker, and other template engines with detection and exploitation techniques.
Learn how to find and exploit open redirect vulnerabilities for phishing, OAuth token theft, and SSRF chaining with bypass techniques for common filters.