---
layout: ctf
title: ctf/web exploitation
---

# web security

- [websec.fr](https://websec.fr)

## tooling

- devtools
- burp suite
- mitmproxy
- ???

## common attacks

### sqli: sql injection

### xss: cross-site scripting

### xxe: external entity injection

### csrf: cross-site request forgery

### ssrf: server-side request forgery

### request smuggling

### prototype pollution

## common failures

### trusting headers