---
layout: ctf
title: some notes on web security
---

# web security

- [websec.fr](https://websec.fr)

## tooling

- devtools
- burp suite
- mitmproxy
- ???

## common attacks

### sqli: sql injection

### xss: cross-site scripting

### xxe: external entity injection

### csrf: cross-site request forgery

### ssrf: server-side request forgery

### request smuggling

### prototype pollution

## common failures

### trusting headers