1 files changed, 28 insertions, 3 deletions

diff --git a/ctf/web.md b/ctf/web.md
index 3e40a62..09107d1 100644
--- a/ctf/web.md
+++ b/ctf/web.md
@@ -1,5 +1,30 @@
-# Web Security
-
-## Resources
+# web security
 
 - [websec.fr](https://websec.fr)
+
+## tooling
+
+- devtools
+- burp suite
+- mitmproxy
+- ???
+
+## common attacks
+
+### sqli: sql injection
+
+### xss: cross-site scripting
+
+### xxe: external entity injection
+
+### csrf: cross-site request forgery
+
+### ssrf: server-side request forgery
+
+### request smuggling
+
+### prototype pollution
+
+## common failures
+
+### trusting headers