Path or roadmap to follow for learning web application security and penetration testing.

Complete the PortSwigger Web Security Academy learning path:
- SQL Injection -SS
- Authentication -SS
- Directory Traversal -SS
- Command Injection -SS
- Business Logic Vulnerabilities -SS
- Information Disclosure -SS
- Access Control -SS
- SSRF -SS
- XXE Injection -SS
- XSS -CS
- CSRF -CS
- CORS -CS
- Clickjacking -CS
- DOM-Based Vulnerabilities -CS
- WebSockets -CS
- Insecure Deserialization -AD
- Server Side Template Injection -AD
- Web Cache Poisoning -AD
- HTTP Host Header Attacks -AD
- HTTP Request Smuggling -AD
- OAuth Authentication -AD

SS: Server Side, CS: Client Side, AD: Advanced