Bug Bounty

20 pages
Arbitrary File Upload
Arbitrary File Upload Introduction An arbitrary file upload vulnerability is a type of security flaw that allows an atta…
CRLF Injection
CRLF Injection Introduction A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. Thi…
Cross-Site Request Forgery
Cross Site Request Forgery (CSRF) Introduction Cross-Site Request Forgery (CSRF/XSRF) is an attack that forces an end us…
Cross-Site Scripting
XSS Cheat Sheet (Basic) Introduction Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scri…
Denial Of Service
Denial of Service Introduction Denial of Service is a type of attack on a service that disrupts its normal function and …
Exposed Source Code
Exposed Source Code Introduction Source code intended to be kept server-side can sometimes end up being disclosed to use…
Host Header Injection
Host Header Injection Introduction HTTP Host header attacks exploit vulnerable websites that handle the value of the Hos…
Insecure Direct Object References
Insecure Direct Object Reference (IDOR) Introduction IDOR stands for Insecure Direct Object Reference, a security vuln…
Local File Inclusion
Local File Inclusion (LFI) Introduction Local File Inclusion is an attack technique in which attackers trick a web appli…
Mass Assignment
Mass Assignment Attack Introduction Occurs when an app allows a user to manually add parameters in an HTTP Request &…
NoSQL Injection
NoSQL injection Introduction NoSQL databases provide looser consistency restrictions than traditional SQL databases. By …
OAuth Misconfiguration
OAuth Misconfiguration Introduction The most infamous OAuth-based vulnerability is when the configuration of the OAuth s…
Open Redirect
Open Redirect Introduction Open redirection vulnerabilities arise when an application incorporates user-controllable dat…
Reflected File Download
Reflected File Download (RFD) Introduction Reflected File Download (RFD) is a web-based attack that extends reflected atta…
Remote File Inclusion
Remote File Inclusion (RFI) Introduction Remote file inclusion (RFI) is an attack targeting vulnerabilities in web appli…
Server Side Include Injection
Server Side Include Injection (SSI Injection) Introduction SSI (Server Side Includes) Injection is a type of web securit…
Server Side Request Forgery
Server Side Request Forgery (SSRF) Introduction Server Side Request Forgery is a web application vulnerability that allo…
SQL Injection
SQL injection Introduction It is an attack in which an attacker inserts untrusted data in the application that results i…
Web Cache Deception
Web Cache Deception Introduction Web Cache Deception is an attack in which an attacker deceives a caching proxy into imp…
Web Cache Poisoning
Web Cache Poisoning Introduction The objective of web cache poisoning is to send a request that causes a harmful respons…