User inputs
- API
- Arbitrary file download
- Content-Type juggling
- CRLF injection
- CSRF (Cross-Site Request Forgery)
- Directory traversal
- HTTP parameter pollution
- IDOR (Insecure Direct Object Reference)
- Insecure deserialization
- Insecure JSON Web Tokens
- Null-byte injection
- ORED Open redirect
- SQL injection
- SSRF (Server-Side Request Forgery)
- SSTI (Server-Side Template Injection)
- Unrestricted file upload
- XSS (Cross-Site Scripting)
- XXE injection
- File inclusion