Pentest və SOC Cheat Sheet

Web Pentesting

Broken Access Control OS Command Injection SQL Injection Cross-Site-Scripting (XSS)File Upload Directory Traversal və Path Traversal CSRF XXE Clickjacking SSRF JWT (Json Web Token) Local&Remote File İnclusion 401&403 Bypass Login Bypass Open Redirect Unicode Injection Security Misconfiguration CRLF injection LDAP Injection Cookies Hacking Cross site WebSocket hijacking (CSWSH)SSTI (Server Side Template Injection)CSTI (Client Side Template Injection)XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)Registration & Takeover Vulnerabilities Regular expression Denial of Service - ReDoS Reset/Forgotten Password Bypass SAML Hücumları Reverse Tab Nabbing Web Tool - WFuzz XPATH enjeksiyonu Server-Side Includes (SSI) Injection Edge Side Inclusion Injection (ESII)Race Condition PostMessage Parameter Pollution Cache Poisoning and Cache Deception Captcha Bypass

Previous389,636,3268,3269-Pentesting LDAP NextBroken Access Control

Last updated 10 months ago