PwC安全技术小组

Ctrlk

技术 - Web安全测试技术点

XS-Search XSSI (Cross-Site Script Inclusion)XSS (Cross Site Scripting)XXE - XEE - XML External Entity XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)XPATH injection Web Tool - WFuzz Unicode Normalization vulnerability SSTI (Server Side Template Injection)SSRF (Server Side Request Forgery)SQL Injection Reset/Forgotten Password Bypass Regular expression Denial of Service - ReDoS Rate Limit Bypass Race Condition PostMessage Vulnerabilities Parameter Pollution OAuth to Account takeover LDAP Injection NoSQL injection JWT Vulnerabilities (Json Web Tokens)IDOR HTTP Request Smuggling / HTTP Desync Attack Formula Injection File Upload File Inclusion/Path traversal Email Header Injection Deserialization Domain/Subdomain takeover CSRF (Cross Site Request Forgery)Dangling Markup - HTML scriptless injection CRLF (%0D%0A) Injection Cross-site WebSocket hijacking (CSWSH)CORS - Misconfigurations & Bypass Cookies Hacking Content Security Policy (CSP) Bypass Client Side Template Injection (CSTI)Command Injection Clickjacking Cache Poisoning and Cache Deception Captcha Bypass Bypass Payment Process Abusing hop-by-hop headers 2FA/OTP Bypass

上一页PwC安全技术小组须知下一页XS-Search

最后更新于4年前

这有帮助吗？