web

2024

GraphQL Vulnerabilities - Applied Review
·10 mins
web BSCP
What is GraphQL? GraphQL is a query language designed to provide efficient communication between clients and servers by having the client specify exactly what data it wants in the response.
Insecure Deserialization - Applied Review
·9 mins
web BSCP
What is Serialization? As the name suggests, serialization is the process of converting complex in-memory data (an object together with its fields and nested references) into a flat format, such as a stream of bytes, that can be stored or sent over the network and later rebuilt by deserialization.

2023

WebSockets - Applied Review
·5 mins
web BSCP
What is a WebSocket? WebSockets (WS) are widely used in modern web applications because a connection opened through an HTTP upgrade handshake stays alive as a long-lived session, with both client and server able to send messages asynchronously at any time.
DOM-Based Vulnerabilities - Applied Review
·10 mins
web BSCP
What is the DOM? The Document Object Model is the web browser's tree-structured representation of the elements on the page, which client-side scripts can read and modify.
API Testing - Applied Review
·8 mins
web BSCP
What is an API? Application Programming Interfaces (APIs) allow different software systems and applications to share data.
CSRF - Applied Review
·13 mins
web BSCP
What is CSRF? Cross-site request forgery induces a logged-in user's browser to send requests that carry the user's existing session, so the attacker can perform any action that user is able to perform.
Clickjacking - Applied Review
·4 mins
BSCP web
Before we get into the content here I want to clarify that I wasn’t able to find any CTF-type examples of clickjacking, so if you know of one please let me know.
Cross-Origin Resource Sharing - Applied Review
·10 mins
BSCP web
What is CORS? Cross-origin resource sharing (CORS) is a browser mechanism that relaxes the same-origin policy to allow controlled access to resources located on a different origin from the one the page was loaded from.
XSS (Cross-Site Scripting) - Applied Review
·15 mins
web BSCP
This is going to be a longer post, so I am leaving out some more intuitive pieces of information like explaining impact and testing strategies because I think if you understand everything here, the other things will come naturally.
NoSQL Injection - Applied Review
·9 mins
web BSCP
What is NoSQL Injection? These attacks occur when an attacker interferes with the queries that the web application sends to a NoSQL database.