- Below is a list of some of the things (not limited to these) that I will be going through during my 100DaysOfHacking challenge, along with my experience each day of the journey.
- I will be focusing on Web Security during this period.
- READ: Top 10 web hacking techniques
- SQL injection
- Types of SQLi
- SQLi Examples
- Examining the database
- Detecting SQL injection vulnerabilities
- SQL injection in different parts of the query
- Preventing SQLi
- Authentication
- Authentication Vulnerabilities
- Vulnerabilities in authentication mechanisms
- Vulnerabilities in password-based login
- Brute-force attacks
- Vulnerabilities in multi-factor authentication
- Two-factor authentication tokens
- Bypassing two-factor authentication
- Flawed two-factor verification logic
- Brute-forcing 2FA verification codes
- Vulnerabilities in other authentication mechanisms
- Resetting Passwords
- Password reset poisoning
- Constructing a password reset poisoning attack
- Securing authentication mechanisms
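Password reset poisoning (the "Resetting Passwords" items above) comes down to where the application gets the hostname it puts in the reset link. The following is an added example written for these notes, not code from the page or any lab; `bank.example`, the `ALLOWED_HOSTS` set and the header dictionaries are constructed, and the `X-Forwarded-Host` handling reflects a common proxy-aware pattern rather than any particular framework.

```python
# Assumed: the only hostname this application is legitimately served on.
ALLOWED_HOSTS = {"bank.example"}


def reset_link_vulnerable(headers, token):
    """Deliberately vulnerable: the link is built from client-controlled
    headers. An attacker who requests a reset for the victim's account with a
    poisoned Host (or X-Forwarded-Host) gets the victim's token delivered to a
    domain they control as soon as the victim clicks the emailed link."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}/reset-password?token={token}"


def reset_link_safe(headers, token):
    """Hardened: the hostname is checked against an allow-list (port stripped,
    case-folded) and X-Forwarded-Host is ignored. Returns None when the Host
    is not one of ours, in which case the caller must not send the email at
    all. Building the link from a configured canonical URL, never from the
    request, is the simpler option where the deployment allows it."""
    hostname = headers.get("Host", "").split(":")[0].lower()
    if hostname not in ALLOWED_HOSTS:
        return None
    return f"https://{hostname}/reset-password?token={token}"


if __name__ == "__main__":
    poisoned = {"Host": "bank.example", "X-Forwarded-Host": "evil.example"}
    print(reset_link_vulnerable(poisoned, "t0ken"))   # link points at evil.example
    print(reset_link_safe(poisoned, "t0ken"))         # link points at bank.example
    print(reset_link_safe({"Host": "evil.example"}, "t0ken"))  # None: refuse to send
```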
- Directory Traversal
- OS Command Injection
- Business Logic Vulnerabilities
- Examples Of Business Logic Vulnerabilities
- Information Disclosure
- Exploiting Information Disclosure Vulnerabilities
- Access Control
- Access Control Vulnerabilities
- IDOR
- Access Control Security Models
- Server-Side Request Forgery
- XXE Injection
- Blind XXE
- Cross-Site Scripting (XSS)
- Reflected XSS
- Stored XSS
- DOM-based XSS
- XSS concepts
- Cross-Site Request Forgery (CSRF)
- How CSRF works
- Constructing a CSRF attack
- Delivering a CSRF exploit
- Preventing CSRF attacks
- Common CSRF attacks
- Validation of CSRF
- Referer-based defenses against CSRF
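The CSRF items above (constructing and delivering an exploit, token validation, Referer-based defences) can be exercised against a toy server-side handler. The following is an added example written for these notes, not code from the page or any lab. The `session` and `form` dictionaries, the `headers` dictionary and the origin `https://bank.example` are constructed stand-ins for a web framework's request objects; the "flawed" handler reproduces the mistake of only validating a token when one is present, which is one of the token-validation weaknesses the outline refers to.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed: the origin the application is served from.
SITE_ORIGIN = "https://bank.example"


def issue_token(session):
    """Synchronizer token: unpredictable, stored server-side in the session
    and echoed into the form the legitimate page renders."""
    token = secrets.token_hex(16)
    session["csrf_token"] = token
    return token


def transfer_flawed(session, form):
    """Deliberately flawed: the token is only checked when the request carries
    one. An attacker's cross-site form simply omits the field and the browser
    still attaches the victim's session cookie."""
    token = form.get("csrf")
    if token is not None and not hmac.compare_digest(
        token, session.get("csrf_token", "")
    ):
        return "rejected"
    return "transferred"


def transfer_safe(session, form, headers):
    """Hardened: a token is required and compared in constant time, and as a
    second layer the Origin (or Referer) header must match our origin exactly.
    Exact comparison of scheme://host matters: a substring check such as
    SITE_ORIGIN in referer is defeated by bank.example.evil.example."""
    expected = session.get("csrf_token")
    token = form.get("csrf")
    if not expected or token is None or not hmac.compare_digest(token, expected):
        return "rejected"
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return "rejected"
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return "rejected"
    return "transferred"


def forged_request():
    """What an attacker's auto-submitting HTML form on evil.example produces:
    the victim's cookie rides along, but no token, and the browser sets Origin."""
    return {"amount": "1000", "to": "attacker"}, {"Origin": "https://evil.example"}


if __name__ == "__main__":
    session = {}
    token = issue_token(session)
    form, headers = forged_request()
    print("flawed handler:", transfer_flawed(session, form))         # transferred
    print("safe handler:", transfer_safe(session, form, headers))    # rejected
    print("legit request:", transfer_safe(
        session, {**form, "csrf": token}, {"Origin": SITE_ORIGIN}))   # transferred
```

Rejecting requests with neither Origin nor Referer is a deliberate trade-off: some privacy tooling strips Referer, and a handler that falls open in that case is one of the bypasses listed under Referer-based defences.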
- Cross-Origin Resource Sharing (CORS)
- Same-origin policy (SOP)
- CORS and the Access-Control-Allow-Origin response header
- Clickjacking
- DOM-Based vulnerabilities
- Controlling the web-message source
- DOM-based open redirection
- DOM-based cookie manipulation
- DOM-based JavaScript injection
- DOM-based document-domain manipulation
- DOM-based WebSocket-URL poisoning
- DOM-based link manipulation
- Web-message manipulation
- DOM-based Ajax request-header manipulation
- DOM-based local file-path manipulation
- DOM-based client-side SQL injection
- DOM-based HTML5-storage manipulation
- DOM-based client-side XPath injection
- DOM-based client-side JSON injection
- DOM-data manipulation
- DOM-based denial of service
- DOM clobbering
- Websockets
- What are WebSockets?
- Cross-site WebSocket hijacking
- Insecure Deserialization
- Exploiting insecure deserialization vulnerabilities
- Server-side template injection (SSTI)
- Web cache poisoning
- HTTP Host header attacks
- HTTP request smuggling
- OAuth authentication