portswigger 29
- Insecure deserialization - Theory
- Insecure deserialization - Practice
- Information disclosure
- Path traversal
- 4. Server-side parameter pollution
- 3. Mass assignment vulnerabilities
- 2. Identifying and interacting with API endpoints
- 1. API recon and documentation
- 9. SQLi prevention
- 8. Second-order SQLi
- 7. SQLi in different contexts
- 5. Out-of-band Application Security Techniques
- 5. Time-delayed SQLi
- 4. Error-based SQLi
- 3. Blind SQLi
- 2. SQLi UNION attacks
- 1. SQLi introduction
- Authentication - Password reset broken logic
- Access control - UID controlled by request parameter
- Access control - UID controlled by request parameter with data leakage in redirect
- Access control - Insecure Direct Object References
- 7. SQL injection
- 6. OS command injection
- 5. File upload vulnerabilities
- 4. Server Side Request Forgery
- PS Access control lab - User role can be modified in user profile
- 3. Authentication
- 2. Access control
- 1. File Path Traversal