path: root/ctf/web.md
blob: a68f693d41698aa739fcab7acba400671d639655
---
layout: ctf
title: some notes on web security
---

# web security

## practice

- [picoctf.org](https://picoctf.org)
- [websec.fr](https://websec.fr)
- [portswigger.net/web-security/all-materials](https://portswigger.net/web-security/all-materials)

## tooling

- curl
- devtools
- burp suite
- mitmproxy
- [webhook.site](https://webhook.site/)
- [dnslog.cn](http://www.dnslog.cn/)

## common attacks

### sqli: sql injection

### xss: cross-site scripting

### xxe: xml external entity injection

### csrf: cross-site request forgery

### ssrf: server-side request forgery

### request smuggling

### prototype pollution

## common failures

### trusting headers