BSCP
2024
Burp Suite Certified Practitioner Exam Review
·5 mins
BSCP
web
Introduction: To preface this post, I want to briefly describe my level of experience to help others who might take this exam better benchmark how long it might take them to study.
Prototype Pollution - Applied Review
·25 mins
web
BSCP
What is Prototype Pollution? This type of vulnerability allows attackers to add arbitrary properties to global object prototypes that can be inherited by user-defined objects.
JWT Attacks - Applied Review
·19 mins
web
BSCP
What is a JWT? JSON web tokens (JWTs) are a standardized way to send some kind of cryptographically signed JSON data between systems.
HTTP Host Header Attacks - Applied Review
·11 mins
web
BSCP
What is the HTTP Host Header? HTTP host headers are mandatory request headers that specify the domain name the client is trying to access.
OAuth Vulnerabilities - Applied Review
·22 mins
web
BSCP
What is OAuth? If you’ve ever looked around the web and found a site that allows you to sign in with your social media account, chances are that the feature being used there was built on the OAuth 2.
HTTP Request Smuggling - Applied Review
·22 mins
web
BSCP
What is HTTP Request Smuggling? HTTP request smuggling is a technique that interferes with the way a web application will process sequences of HTTP requests received from one or more users.
Web Cache Vulnerabilities - Applied Review
·13 mins
web
BSCP
What is Web Cache Poisoning? This is a technique where we can get the target web server and its cache to serve a harmful HTTP response to other users.
Server-Side Template Injection - Applied Review
·6 mins
web
BSCP
What is SSTi? Server-Side Template Injection (SSTi) is when an attacker is able to inject some native template syntax into a template, which is executed as code by the server.
GraphQL Vulnerabilities - Applied Review
·10 mins
web
BSCP
What is GraphQL? GraphQL is a query language designed to provide efficient communication between clients and servers by having the client specify exactly what data they want in the response.
Insecure Deserialization - Applied Review
·9 mins
web
BSCP
What is Serialization? As the name suggests, serialization is the process of converting complex data into a simpler format that can be sent as a stream of bytes.