Web Sockets

Exploiting Web Socket vulnerabilities.

Bypassing Client Side Controls

Circumventing web application client side controls.

API Testing

Exploiting REST based API’s.

Content Security Policies

Identifying and exploiting CSP misconfigurations.

Server Side Request Forgery

Exploiting SSRF vulnerabilities.

JSON Web Tokens

Modifying JWT values to elevate privileges.

PHP Type Confusion

Exploiting loose comparison operations.

PHP Deserialisation

Triggering code execution through object deserialisation.

Command Injection

Exploiting command injection vulnerabilities.

Exploiting Tomcat

Exploiting common Tomcat vulnerabilities.

File Upload Vulnerabilities

Exploiting file upload vulnerabilities to execute arbitrary code.

SQL Injection

SQL Injection for MySQL databases.