Hi. In this repository I have collected my notes on the web and web vulnerabilities. Each note covers a specific set of topics, listed below:
- Note-01 Web Application Penetration Testing
  - JavaScript
    - Developer Tools
    - Variables
    - Operations
    - Operands
    - if/else if/else (conditions)
    - Data Types
    - Arrays
    - Loops
    - Functions
    - Browser APIs
    - Document Object Model (DOM)
    - DOM APIs
    - Cookie/Local Storage/Session Storage
  - MySQL
    - What is a database?
    - What is a SQL database?
    - What is a NoSQL database?
    - What is an ORM?
    - How to create a database in MySQL?
    - How to create tables?
    - Columns
    - Data types in SQL
  - JavaScript
- Note-02 Web Application Penetration Testing
  - MySQL
    - Tables in a SQL database
    - SELECT command
    - ORDERing results
  - PHP
    - What is PHP?
    - How to install PHP on Windows and Linux?
    - echo
    - Variables in PHP
    - if/else if/else (conditions)
    - What is the Type Juggling vulnerability?
    - Loops
    - foreach
    - continue and break
  - HTTP
    - What is HTTP?
    - Request/Response headers
    - URL structure
    - HTTP packet structure
    - Connections in HTTP
    - Virtual Hosting
    - TLS handshake
    - HTTP versions
    - Methods in HTTP (GET, POST, HEAD, OPTIONS, ...)
    - Status codes
  - PHP
    - Global Variables
    - $_GET
    - $_POST
    - $_REQUEST
  - MySQL
- Note-03 Web Application Penetration Testing
  - PHP
    - $_SERVER
    - HTTP Request in PHP
    - $_FILES
    - Built-in functions in PHP (var_dump, end, explode, ...)
    - require_once, include_once, require, include
    - htmlspecialchars
    - A very simple XSS attack
    - OOP in PHP
    - Serialization and Deserialization
    - Connecting to a database via mysqli
    - A very simple SQL Injection attack
    - What is PDO?
  - TLS
    - Transport Layer Security (TLS)
    - Encryption Algorithms
    - Asymmetric encryption
    - TLS Handshake
    - Well-known misconfigurations and vulnerabilities in web encryption (Sweet32, Raccoon Attack, Heartbleed, ...)
    - Tools to test TLS (SSLyze, testssl.sh, sslscan, ...)
  - PHP
- Note-04 Web Application Penetration Testing
  - Proxy
  - Reverse Proxy
  - WAF
  - CDN
  - Web OSINT Tools
  - 30 tools for gathering information about targets, such as gobuster, ffuf, wafw00f, ...
  - DNS and DNS Records
  - Fuzzing Tools
  - Finding the real IP behind a CDN
  - New technologies like VueJS, Webpack, ReactJS
  - New technologies like Laravel, Django, ...
  - Monolithic and Microservices Architecture
  - Microservices like memcached, Redis, Elasticsearch, Kibana, MongoDB, ...
- Note-05 Web Application Penetration Testing
  - Authentication
  - Single-Factor Authentication
  - Multi-Factor Authentication
  - Authorization
  - HTTP Basic Authentication
  - Digest Authentication
  - Session-Based Authentication
  - Username Enumeration Vulnerability
  - Cookies
  - Session
  - Session Fixation Vulnerability
  - Hashes and Hash Functions
  - Hash-Based Message Authentication Code (HMAC)
  - Token-Based Authentication/Authorization
  - JWT (JSON Web Token)
  - JWT attacks
  - JWT attack tools
  - JWT Burp Suite extensions
  - CIA concept
  - SSO concept
  - SAML
  - OAuth
  - OpenID Connect (OIDC)
- Note-06 Web Application Penetration Testing
  - HTML Injection a.k.a. HTMLi
  - Iframe Injection
  - SMTP Injection
  - HTTP Parameter Pollution a.k.a. HPP
  - OS Command Injection
  - Code Injection
  - Server-Side Include Injection a.k.a. SSII
  - SQL Injection
    - In-Band SQL Injection
      - Error-Based SQL Injection
      - Union-Based SQL Injection
    - Blind SQL Injection
      - Time-Based Blind SQLi
      - Boolean-Based Blind SQLi
  - What is sqlmap and how can we use it?
- Note-07 Web Application Penetration Testing
  - SPF Record
  - Email Spoofing
  - What is CAPTCHA?
  - CAPTCHA security flaws
  - reCAPTCHA, hCaptcha
  - Image processing and OCR with Python to bypass CAPTCHAs
  - What is Rumola?
  - What is Sentry MBA?
  - Weak Passwords and Password Attacks
  - Password Guessing
  - What is CUPP and how to use it?
  - What is CeWL and how to use it?
  - Brute-Force Attack
  - What is Crunch and how to use it?
  - Password Spraying
  - Dictionary Attack
  - Rainbow Table Attack
  - What is Burp Intruder?
  - How to use Burp Intruder for password attacks?
- Note-08 Web Application Penetration Testing
  - What is a CSRF attack?
  - What are the impacts of a CSRF attack?
  - Types of CSRF attack
  - Where and how can you find a CSRF vulnerability?
  - How can you exploit a CSRF vulnerability?
  - Obstacles to CSRF attacks
  - How to bypass CSRF attack obstacles
  - What is a CSRF token and what is its lifecycle?
  - Solving PortSwigger challenges on CSRF
  - What is the SameSite attribute in cookies?
  - What does "site" mean in web terms?
  - What does "origin" mean in web terms?
  - How to configure SameSite in Apache and Nginx?
  - How can requiring the old/current password stop a CSRF attack?
  - What is the Referer header and how can it stop a CSRF attack?
  - What is __VIEWSTATE in ASP.NET and how can it stop a CSRF attack?
  - What is a Clickjacking attack?
  - Why does Clickjacking happen?
  - Impact of Clickjacking
  - Types of Clickjacking attack
  - Where can we find a Clickjacking vulnerability?
  - How can we find a Clickjacking vulnerability?
  - Obstacles to Clickjacking attacks
  - What is the X-Frame-Options header?
  - What is Content-Security-Policy (CSP)?
  - What is a Frame-Killer or Frame-Busting?
  - How can a CSRF attack be carried out through a Clickjacking vulnerability?
  - What is a Watering Hole attack? (BeEF Framework)
- Note-09 Web Application Penetration Testing
  - XSS history
  - What is an XSS vulnerability?
  - XSS impacts
  - XSS types
  - Where can you find XSS?
  - How to exploit XSS?
  - XSS exploitation obstacles
  - What is CSP?
  - HttpOnly and Secure cookie flags
  - Types of WAF detection methods
  - XSS filter evasion
  - XSS mitigations
  - What is Reflected XSS?
  - What is Stored XSS?
  - What is DOM-Based XSS?
  - What is Blind XSS?
  - What is Self XSS?
  - What is the BeEF Framework?
- Note-10 Web Application Penetration Testing
  - What is an IDOR vulnerability?
  - What is the Host header?
  - What is Host Header Injection?
  - What is a password reset poisoning attack?
  - What is a web cache poisoning attack?
  - What is the Same-Origin Policy (SOP)?
  - What is Cross-Origin Resource Sharing (CORS)?
  - What is a simple request?
  - What is a preflight request?
  - CORS headers explained
  - What is XMLHttpRequest (XHR)?
  - CORS misconfigurations
  - How to exploit vulnerable CORS?
- Note-11 Web Application Penetration Testing
  - include, require, include_once, require_once, fopen in PHP
  - What is a File Inclusion vulnerability?
  - Why does a File Inclusion vulnerability happen?
  - Impacts of File Inclusion
  - What is Local File Inclusion (LFI)?
  - What is Remote File Inclusion (RFI)?
  - How to prevent LFI/RFI?
  - What is Object-Oriented Programming (OOP)?
  - What is Serialization?
  - What is Deserialization?
  - What is an Insecure Deserialization vulnerability?
  - What is a PHP Object Injection vulnerability?
  - What is a Property-Oriented Programming (POP) chain?
  - What is XML?
  - What is an XML DTD?
  - What is an XML eXternal Entity (XXE) Injection vulnerability?