Learn

Here you will find a collection of educational articles I wrote on common web vulnerabilities. Learn practical techniques to identify, exploit, and defend against them.

Web Cache Poisoning

Published on April 08, 2025
Web cache poisoning is a powerful yet often missed vulnerability. It lets attackers trick caching systems into storing and serving ...
XXE Injection

Published on April 08, 2025
XXE Injection stands for XML External Entity (XXE) injection. This vulnerability is about how your web application handles XML input, and...
Race Conditions

Published on April 07, 2025
Race conditions represent one of the most fascinating and elusive classes of web vulnerabilities. They exist at the intersection of bus...
File Upload Vulnerabilities

Published on April 06, 2025
File upload functionality is everywhere. From profile pictures to document sharing, virtually every modern web application ...
Access Control

Published on April 06, 2025
Access control vulnerabilities are like finding the keys to the kingdom hidden under the doormat. They're not fancy zero-days or complex...
SQL Injection

Published on April 06, 2025
SQL injection remains one of the most ancient and dangerous web security vulnerabilities, and my personal favorite. Despite being known f...
OS Command Injection

Published on April 05, 2025
Imagine clicking a button on a website to generate a PDF report, and instead of just creating your document, that simple action gr...
Path Traversal

Published on April 05, 2025
When you navigate your computer's file explorer, you're moving through directories in a structured manner. But what if a web application...
Cross-Site Request Forgery (CSRF)

Published on April 05, 2025
Picture this: You're logged into your bank account in one browser tab while browsing the web in another. You click on...
Cross-Site Scripting (XSS)

Published on April 05, 2025
Cross-Site Scripting (XSS) remains one of the most prevalent web application security vulnerabilities despite being well-kno...
Server-Side Request Forgery (SSRF)

Published on April 05, 2025
Server-Side Request Forgery (SSRF) vulnerabilities occur when an attacker can manipulate a server into makin...