Web Vulnerability by Joas Antonio
Web Attacks, AppSec and Bug Bounty Mind Map
Web Vulnerability by Joas Antonio
por Joas Antonio
1. Web Vulnerability
1.1. Arbitrary File Access
1.2. Arbitrary File Upload
1.3. Arbitrary File Read
1.4. Arbitrary File Upload
1.5. Account Take Over
1.6. Authentication Bypass
1.7. Binary Planting
1.8. Blind SQL Injection
1.9. Blind XPath Injection
1.10. Buffer Overflow
1.11. Bypass File Upload Restrictions
1.12. Bypass Characteres Restrictions
1.13. Bypass Regex
1.14. Blind XSS
1.15. Blind SSRF
1.16. Browser Hijacking
1.17. Bypass HTTPOnly
1.18. Cache Poisoning
1.19. Cross Site Scripting
1.19.1. Dom, Reflected and Stored
1.20. Cross Site Request Forgery
1.21. Cash Overflow
1.22. Clickjacking
1.23. Command Injection
1.24. Comment Injection
1.25. Content Security Policy Bypass
1.26. Content Spoofing
1.27. Credential Stuffing
1.28. Cross Frame Scripting
1.29. Cross Site History Manipulation
1.30. Cross Site Tracing
1.31. Cross Site Port Attack
1.32. Cross-User Defacement
1.33. Code Injection
1.34. Custom Special Character Injection
1.35. Click Account Hijacking
2. Youtube Channels
2.1. Ippsec
2.2. The Cyber Mentor
2.3. Stok
2.4. Red Team Village
2.5. Defcon Channel
2.6. Black Hat Channel
2.7. RoadSec Channel
2.8. MindTheSec Channel
2.9. Acadi-TI
2.10. Gabriel Pato
2.11. John Hammond
2.12. Live Overflow
2.13. GynvaelEN
2.14. Ricardo Longatto
2.15. Guia Anônima
2.16. Cristi Vlad
2.17. NahamSec
2.18. Michael LaSalvia
2.19. Bsides
2.20. HackerOne Channel
2.21. BugCrowd Channel
2.22. Hak5
2.23. Cybrary
2.24. Daniel Donda
2.25. Xtreme Security
2.26. PwnFunction
2.27. Murmus CTF
2.28. Great Scott!
2.29. KacperSzurekEN
2.30. Joas Antonio
2.31. Kit Boga
3. LinkedIn
3.1. https://www.linkedin.com/in/joas-antonio-dos-santos
4. Web Vulnerability 2
4.1. Data Exfiltration
4.2. Denial of Service
4.3. Direct Dynamic Code Evaluation
4.4. Data Tampering
4.5. Execution After Redirection
4.6. Exploitation of Cors
4.7. Email Hijacking
4.8. Email Spoofing
4.9. Embedding Null Code
4.10. Forced Browsing
4.11. Form Action Hijacking
4.12. Full Path Disclosure
4.13. Function Injection
4.14. Host Head Injection
4.15. HTTP Response Splitting
4.16. HTTP Verb Tampering
4.17. HTML Injection
4.18. Insecure Deserialization
4.19. Insecure HTTP Usage
4.20. Insecure Direct Object Reference
4.21. LDAP Injection
4.22. Log Injection
4.23. Man in the Brwoser
4.24. Man in the Middle
4.25. Mobile Code Invoking
4.26. Os Vulnerability Injection
4.27. Open Redirect
4.28. Parameter Delimiter
4.29. Page TakeOver
4.30. Path Traversal
4.31. PHP Injection
5. Web Vulnerability 3
5.1. Reflected Dom Injection
5.2. ReDos
5.3. Remote Code Execution
5.4. Repudiation Attack
5.5. Resource Injection
5.6. Session Fixation
5.7. Server Side Template Injection
5.8. Server Side Include Injection
5.9. Session Hijacking
5.10. SQL Injection Attack and Types
5.11. Session Prediction
5.12. SMTP Injection
5.13. Web Parameter Tampering
5.14. XPath Injection
5.15. XSRF or SSRF
5.16. Other Vuknerability
5.16.1. Attacks on Software Application Security | OWASP Foundation
5.16.2. HackerOne
6. Laboratory
6.1. Hack the Box
6.2. Proving Grounds and Vulnhub
6.3. Try Hack Me
6.4. OWASP Labs Project
6.5. Rapid 7 Labs Project
6.6. Open Source Solutions
6.6.1. IDS, IPS, Firewall, WAF, SIEM, Log Manager and others