| | Server-side topics | | | |
|---|---|---|---|---|
| 01 | SQL injection | ✔️ 2/2 | ✔️ 16/16 | - |
| 02 | Authentication | ✖️ 0/3 | ✖️ 0/9 | ✖️ 0/2 |
| 03 | Path traversal | ✔️ 1/1 | ✔️ 5/5 | - |
| 04 | Command injection | ✖️ 0/1 | ✖️ 0/4 | - |
| 05 | Business logic vulnerabilities | ✖️ 0/4 | ✖️ 0/7 | ✖️ 0/1 |
| 06 | Information disclosure | ✖️ 0/4 | ✖️ 0/1 | - |
| 07 | Access control | ✖️ 0/9 | ✖️ 0/4 | - |
| 08 | File upload vulnerabilities | ✖️ 0/2 | ✖️ 0/4 | ✖️ 0/1 |
| 09 | Race conditions | ✖️ 0/1 | ✖️ 0/4 | ✖️ 0/1 |
| 10 | Server-side request forgery (SSRF) | ✖️ 0/2 | ✖️ 0/3 | ✖️ 0/2 |
| 11 | XXE injection | ✖️ 0/2 | ✖️ 0/6 | ✖️ 0/1 |
| 12 | NoSQL Injection | ✔️ 2/2 | ✔️ 2/2 | - |
| 13 | API Testing | ✖️ 0/1 | ✖️ 0/3 | ✖️ 0/1 |
| 14 | Web cache deception | ✖️ 0/1 | ✖️ 0/3 | ✖️ 0/1 |

| | Client-side topics | | | |
|---|---|---|---|---|
| 15 | Cross-site scripting (XSS) | ✖️ 0/9 | ✖️ 0/15 | ✖️ 0/6 |
| 16 | Cross-site request forgery (CSRF) | ✖️ 0/1 | ✖️ 0/11 | - |
| 17 | Cross-origin resource sharing (CORS) | ✔️ 2/2 | ✔️ 1/1 | - |
| 18 | Clickjacking | ✖️ 0/3 | ✖️ 0/2 | - |
| 19 | DOM-based vulnerabilities | - | ✖️ 0/5 | ✖️ 0/2 |
| 20 | WebSockets | ✖️ 0/1 | ✖️ 0/2 | - |

| | Advanced topics | | | |
|---|---|---|---|---|
| 21 | Insecure deserialization | ✖️ 0/1 | ✖️ 0/6 | ✖️ 0/3 |
| 22 | Web LLM attacks | ✖️ 0/1 | ✖️ 0/2 | ✖️ 0/1 |
| 23 | GraphQL API vulnerabilities | ✖️ 0/1 | ✖️ 0/4 | - |
| 24 | Server-side template injection | - | ✖️ 0/5 | ✖️ 0/2 |
| 25 | Web cache poisoning | - | ✖️ 0/9 | ✖️ 0/4 |
| 26 | HTTP Host header attacks | ✖️ 0/2 | ✖️ 0/4 | ✖️ 0/1 |
| 27 | HTTP request smuggling | - | ✖️ 0/15 | ✖️ 0/7 |
| 28 | OAuth authentication | ✖️ 0/1 | ✖️ 0/4 | ✖️ 0/1 |
| 29 | JWT attacks | ✖️ 0/2 | ✖️ 0/4 | ✖️ 0/2 |
| 30 | Prototype pollution | - | ✖️ 0/9 | ✖️ 0/1 |
| 31 | Essential skills | - | ✖️ 0/2 | - |