My notes about web pentesting
Categories:
- Information gathering, with specific additions for web applications;
- Fuzzing using ffuf;
- JavaScript deobfuscation;
- XSS;
- SQL injection;
- SQLMap;
- Command injection;
- File upload attacks;
- Server-side attacks (SSRF, SSI, SSTI, XSLT injection);
- Login brute force;
- Broken authentication;
- HTTP verb tampering;
- IDOR;
- XML External Entity Injection;
- File inclusion;
- Session security;
- Web services and API attacks;
- WordPress hacking.