- Elearn Security - EWPT
- Elearn Security - EWPTX
- Offensive Security - AWAE
- Pentester Lab
- PortSwigger Burp Suite Certified Practitioner
S.No. | Vulnerability | Reference |
---|---|---|
1 | Missing Strict Transport Security Header | |
2 | Missing Content Security Policy | |
3 | Missing X-Frame-Options | ClickJacking |
4 | Missing X-Content-Type-Options | |
5 | Unencrypted Communication | HacksPlaining Marking HTTP as non-secure |
6 | Information Leakage | Web Security Academy - Information disclosure Web Banner |
7 | Outdated Component | Vulnerable and Outdated Components |
8 | Insecure HTTP Method enabled | TRACE Method, OPTIONS Method |
9 | Cross Site Request Forgery | Web Security Academy - CSRF, PwnFunction - Cross-Site Request Forgery |
10 | OS Command Injection | |
11 | Code Injection | |
12 | Cross Site Scripting | |
13 | SQL Injection | |
14 | Weak Password Policy | |
15 | Privilege Escalation / Insecure Direct Object Reference | |
16 | Missing Cookie Flags | |
17 | User Enumeration | |
18 | Missing Rate Limit / Brute Force | |
19 | Host Header Injection / Password Reset Poisoning | |
20 | Insecure File Upload | |
21 | Directory Traversal | |
22 | LFI | |
23 | RFI | |
24 | HTTP Parameter Pollution | |
25 | Session Fixation | |
26 | Session Expiration | |
27 | JWT Token | Web Security Academy - JWT Attacks |
28 | Cross Origin Resource Sharing | |
29 | XML external entity (XXE) injection | |
30 | Server-side request forgery (SSRF) | |
31 | Captcha Bypass | |
32 | OTP Bypass / 2FA Bypass | |
33 | Authentication | |
34 | Open Redirect | |
35 | OAuth | |
36 | Business logic | Web Security Academy - Business logic |