Posts
DOM-Based Vulnerabilities - Applied Review
10 mins
web
BSCP
What is the DOM? The document object model is a web browser’s representation of the elements on the page.
WebSockets - Applied Review
5 mins
web
BSCP
What is a Web Socket? WS (WebSockets) are widely used in modern web applications because they can initiate long-lived sessions over HTTP with asynchronous communication in both directions.
API Testing - Applied Review
8 mins
web
BSCP
What is an API? Application Programming Interfaces (APIs) allow different software systems and applications to share data.
CSRF - Applied Review
13 mins
web
BSCP
What is CSRF? Cross-site request forgery allows an attacker to perform any actions that a normal user is able to.
Clickjacking - Applied Review
4 mins
BSCP
web
Before we get into the content here I want to clarify that I wasn’t able to find any CTF-type examples of clickjacking, so if you know of one please let me know.
Cross-Origin Resource Sharing - Applied Review
10 mins
BSCP
web
What is CORS? Cross-origin resource sharing (CORS) is a browser mechanism that allows controlled access to resources located outside the original domain.
XSS (Cross-Site Scripting) - Applied Review
15 mins
web
BSCP
This is going to be a longer post, so I am leaving out some more intuitive pieces of information like explaining impact and testing strategies because I think if you understand everything here, the other things will come naturally.
Devvortex - HTB
6 mins
htb
We can start with a port scan:
╰─ nmap -sC -sV 10.129.55.122 Starting Nmap 7.
NoSQL Injection - Applied Review
9 mins
web
BSCP
What is NoSQL Injection? These types of attacks occur when attackers interfere with the queries that the web application sends to a NoSQL database.
XXE Injection | Applied Review
13 mins
web
BSCP
What is XML External Entity Injection (XXE)? This vulnerability has to do with how certain web applications process XML data.