web app testing

A 12-post collection

← Newer Posts Page 2 of 2

XSS - Cross Site Scripting

XSS is an input validation weakness that allows an attacker to inject a payload into a response from the application. When the payload can include HTML/ »

Chris Young on OWASP, web app testing, XSS 13 April 2018

XXE - XML External Entity

The XML External Entity (XXE) attack is a type of attack against an application that parses XML input. An XXE attack typically occurs when XML input »

Chris Young on OWASP, web app testing, XXE 13 April 2018

Unrestricted File Upload

Many web applications allow users to upload content. The content may be images, Word documents, audio and video files, etc. This upload facility, however, exposes a »

Chris Young on OWASP, web app testing, File Upload 13 April 2018

SSRF - Server Side Request Forgery

Server Side Request Forgery (SSRF) is a vulnerability that describes the behaviour of a server making a request that is under the attacker's control. When using »

Chris Young on SSRF, OWASP, web app testing 13 April 2018

Basic CURL commands

List HTTP methods: curl -i -X OPTIONS http://10.10.10.57 (the -i flag includes protocol response headers in the output). Grab HTTP server banners: »

Chris Young on web app testing, kali basics, curl 30 March 2018

DVWA - Command Injection

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks »

Chris Young on dvwa, web app testing 28 March 2018
Information Security Consultant | Pen tester © 2022