Step-by-step methodology for testing 23 common web vulnerabilities. Each guide includes detection techniques, payload examples, and links to generators.
Learn how to test for reflected, stored, and DOM-based XSS vulnerabilities with step-by-step methodology, payload examples, and remediation guidance.
Step-by-step guide to testing for SQL injection vulnerabilities including error-based, blind, time-based, and UNION-based techniques.
Learn how to identify and exploit Server-Side Request Forgery (SSRF) vulnerabilities to access internal services, cloud metadata, and bypass network restrictions.
Step-by-step guide to finding and exploiting OS command injection vulnerabilities using command separators, inline execution, and blind techniques.
Comprehensive guide to testing file upload functionality for web shell uploads, extension bypasses, content-type manipulation, and path traversal.
Learn how to test JSON Web Token implementations for algorithm confusion, signature bypass, claim manipulation, and key disclosure vulnerabilities.
Guide to finding Insecure Direct Object Reference (IDOR) vulnerabilities by testing access controls on object references like IDs, filenames, and UUIDs.
Learn how to test for XML External Entity (XXE) injection to read local files, perform SSRF, and exfiltrate data via out-of-band channels.
Step-by-step guide to testing for Server-Side Template Injection across Jinja2, Twig, Freemarker, and other template engines with detection and exploitation techniques.
Learn how to find and exploit open redirect vulnerabilities for phishing, OAuth token theft, and SSRF chaining with bypass techniques for common filters.
Learn how to find and exploit CORS misconfigurations — reflected origins, null origin, weak regex, and credentialed cross-origin reads — with a step-by-step methodology and ready-to-use test requests.
Learn how to test for BOLA (Broken Object Level Authorization) — API #1 on the OWASP API Security Top 10 — by manipulating object identifiers across user contexts to access data you should not see.
Learn how to find and exploit race conditions — TOCTOU flaws, limit-overrun, and double-spend — using parallel and single-packet techniques, with concurrent-request scripts you can adapt.
Learn how to test authentication for bypasses — default credentials, JWT flaws, session weaknesses, and broken password-reset and MFA flows — with a structured methodology and concrete checks.
Learn how to test for privilege escalation — both horizontal (cross-user) and vertical (role elevation) in web apps, plus OS-level privesc after a foothold — with a clear methodology and checks.
Learn how to bypass a Web Application Firewall during authorized testing: fingerprint the WAF, find the filter boundary, then defeat it with encoding, case and comment tricks, and payload mutation. Step-by-step methodology with copy-ready examples.
Learn how to test SAML single sign-on for security flaws: decode and understand the assertion, then test XML Signature Wrapping (XSW), signature stripping, XXE in the SAML parser, and recipient/audience confusion. Step-by-step methodology with examples.
Learn how to test GraphQL APIs for security flaws: introspection exposure, batching and aliasing abuse, injection through resolvers, broken authorization, and denial-of-service via deeply nested queries.
Step-by-step guide to testing for NoSQL injection in MongoDB and similar databases, covering operator injection ($ne, $gt, $where), authentication bypass, and blind data extraction.
Learn how to test for Cross-Site Request Forgery (CSRF) vulnerabilities, including missing token checks, weak SameSite cookies, method and Content-Type bypasses, and building a working proof-of-concept.
Identify and crack password hashes with hashcat and John the Ripper — hash identification, attack modes, rules, masks, and wordlist strategy for authorized engagements.
Use Google dorks for passive reconnaissance — find exposed files, login portals, config leaks, and forgotten subdomains with advanced search operators, ethically and in scope.
Test REST and GraphQL APIs against the OWASP API Security Top 10 — broken object/function-level authorization, mass assignment, excessive data exposure, and rate-limit flaws.