GitHubBlog

Server-Side

SQL injectionAuthenticationDirectory traversalCommand injectionBusiness logic vulnerabilitiesInformation disclosureAccess controlFile upload vulnerabilitiesRace conditionsServer-side request forgery (SSRF)XXE injectionNoSQL injectionAPI testingWeb cache deceptionInsecure deserializationGraphQL API vulnerabilitiesServer-side template injection (SSTI)Web cache poisoningHTTP Host header attacksHTTP request smugglingOAuth authenticationJWT attacks
PreviousCommand and ControlNextSQL injection