This is my web security testing repository, where I document, track, and share my penetration testing labs across different vulnerability categories.

Each web vulnerability below links to a dedicated repository containing detailed writeups, methodologies, and attack walkthroughs for every lab I've solved.

| Vulnerability Type | Repository |
|---|---|
| Access Control | View Labs → |
| Authentication | View Labs → |
| Business Logic | View Labs → |
| Clickjacking | View Labs → |
| CORS Misconfiguration | View Labs → |
| Cross-Site Request Forgery (CSRF) | View Labs → |
| Cross-Site Scripting (XSS) | View Labs → |
| DOM-Based Vulnerabilities | View Labs → |
| File Upload | View Labs → |
| GraphQL API | View Labs → |
| HTTP Host Header Attacks | View Labs → |
| HTTP Request Smuggling | View Labs → |
| Information Disclosure | View Labs → |
| Insecure Deserialization | View Labs → |
| JSON Web Tokens (JWT) | View Labs → |
| NoSQL Injection | View Labs → |
| OAuth Authentication | View Labs → |
| OS Command Injection | View Labs → |
| Path Traversal | View Labs → |
| Prototype Pollution | View Labs → |
| Race Conditions | View Labs → |
| Server-Side Request Forgery (SSRF) | View Labs → |
| Server-Side Template Injection (SSTI) | View Labs → |
| SQL Injection (SQLi) | View Labs → |
| Web Cache Deception | View Labs → |
| Web Cache Poisoning | View Labs → |
| Web LLM Attacks | View Labs → |
| WebSockets | View Labs → |
| XML External Entity (XXE) | View Labs → |
| API Security Testing | View Labs → |
| Essential Skills | View Labs → |