Web Application attacks

Server-side Attack

• SQL Injection
• Authentication
• Directory Traversal
• Command Injection
• Business logic vulnerabilities
• Inforamtion Disclosure
• Access Control
• File upload vulnerabilities
• Race conditions
• SSRF
• XXE

Client-side attacks

• XSS
• CSRF
• ClickJacking
• Dom-Based
• CORS
• WebSockets

Advanced

• Http Request Smuggling
• Server-side template injection
• Insecure deserialization
• OAuth Authentication
• web cache poisoning
• HTTP host header attacks
• JWT attacks
• Prototype Pollution
• GraphQL API vulnerabilities

---

• Google Dorks List
• API security
• technology of web application