Web Penetration Testing
This cheatsheet is built for Red Teamers and Penetration Testers in order to help them hunt for vulnerabilities. It is designed such that beginners can understand the fundamentals and professionals can brush up their skills with the advanced options. There are multiple ways to perform all the mentioned tasks, so we've performed and compiled this list with our experience. Please share it with your connections and send your queries and feedback directly to Hacking Articles.
Follow us on
- XXE Injection
- CSRF
- Cross-Site Scripting Exploitation
- Cross-Site Scripting (XSS)
- Unrestricted File Upload
- Open Redirect
- Remote File Inclusion (RFI)
- HTML Injection
- Path Traversal
- Broken Authentication & Session Management
- OS Command Injection
- Multiple Ways to Banner Grabbing
- Local File Inclusion (LFI)
- Netcat for Pentester
- WPScan:WordPress Pentesting Framework
- WordPress Pentest Lab Setup in Multiple Ways
- Multiple Ways to Crack WordPress login
- Web Application Pentest Lab Setup on AWS
- Web Application Lab Setup on Windows
- Web Application Pentest Lab setup Using Docker
- Web Shells Penetration Testing
- SMTP Log Poisoning
- HTTP Authentication
- Understanding the HTTP Protocol
- Broken Authentication & Session Management
- Apache Log Poisoning through LFI
- Beginner’s Guide to SQL Injection (Part 1)
- Boolean Based
- How to Bypass SQL Injection Filter
- Form Based SQL Injection
- Dumping Database using Outfile
- IDOR