OWASP WSTG

  Summary An attacker who gets access to user session cookies can impersonate them by presenting such cookies. This attack...

  Summary A format string is a null-terminated character sequence that also contains conversion specifiers interpreted or converted at runtime....

Summary Also often referred to as persistent attacks, incubated testing is a complex testing method that needs more than one...

  Summary This section illustrates examples of attacks that leverage specific features of the HTTP protocol, either by exploiting weaknesses...

Summary This section describes how to monitor all incoming/outgoing HTTP requests on both client-side or server-side. The purpose of this...

Summary A web server commonly hosts several web applications on the same IP address, referring to each application via the...

  Summary Web applications commonly use server side templating technologies (Jinja2, Twig, FreeMaker, etc.) to generate dynamic HTML responses. Server...

Summary Web applications often interact with internal or external resources. While you may expect that only the intended resource will...

  Summary One of the core components of any web-based application is the mechanism by which it controls and maintains...

Summary Web Cookies (herein referred to as cookies) are often a key attack vector for malicious users (typically targeting other...