- This is an ever-growing checklist that expands with my never-ending learning. 🤓
- Links to supplementary resources or credits are added within the notes.
- I'm no expert, so feel free to raise a PR with any corrections.
- OWASP Top 10
- XSS, CSP
- CSRF, CORS, SOP
- Open redirect
- SSRF
- SQLi
- NoSQLi
- XPATHi
- XXE
- LFI, RFI
- SSTI
- JWT
- Broken Access Control, IDOR
- Clickjacking
- Business Logic Flaws
- Race Conditions
- HTTP Host header Attacks
- OAuth 2.0
- SAML
- Web Socket Vulnerabilities
- Insecure deserialization
- Prototype Pollution
- HTTP Request Smuggling
- Web Cache Poisoning
- DOM vulnerabilities
- OWASP Top 10
- Android
- iOS
- OWASP Top 10
- REST API
- GraphQL
- Thick/Heavy/Rich/Fat client
- Concepts - ShiftLeft, Agile, CI/CD, SAST/SCA
- Docker Security
- Kubernetes Security
- Threat Modeling
- Common ports and services
- Password cracking
- Windows
- Linux
- Vanilla/Simple stack BoF
- Pivoting and tunneling
- AS REP roasting
- Kerberoasting
- GPP credentials
- Golden Ticket
- Silver Ticket
- Wifi WPA2
