Web Security 64
- BSCP Practice Exam 1 Walkthrough (PortSwigger Academy)
- Prototype Pollution Lab (2) - DOM XSS via an alternative prototype pollution vector (PortSwigger Academy)
- Prototype Pollution Lab (1) - DOM XSS via client-side prototype pollution (PortSwigger Academy)
- GraphQL Lab (5) - Performing CSRF exploits over GraphQL (PortSwigger Academy)
- GraphQL Lab (4) - Bypassing GraphQL brute force protections (PortSwigger Academy)
- GraphQL Lab (3) - Finding a hidden GraphQL endpoint (PortSwigger Academy)
- GraphQL Lab (2) - Accidental exposure of private GraphQL fields (PortSwigger Academy)
- GraphQL Lab (1) - Accessing private GraphQL posts (PortSwigger Academy)
- GraphQL API Vulnerabilities (PortSwigger Academy) - Vulnerability Analysis and Exploit (Part 2)
- GraphQL API Vulnerabilities (PortSwigger Academy) - Concept Summary (Part 1)
- Race Conditions Lab (5) - Exploiting time-sensitive vulnerabilities (PortSwigger Academy)
- Race Conditions Lab (4) - Single-endpoint race conditions (PortSwigger Academy)
- Race Conditions Lab (3) - Multi-endpoint race conditions (PortSwigger Academy)
- Race Conditions Lab (2) - Bypassing rate limits via race conditions (PortSwigger Academy)
- Race Conditions (PortSwigger Academy) - Concept Summary and Applications (Part 2)
- Race Conditions Lab (1) - Limit overrun race conditions (PortSwigger Academy)
- Race Conditions (PortSwigger Academy) - Concept Summary (Part 1)
- Insecure Deserialization Lab (7) - RCE Using a Ruby Gadget Chain (PortSwigger Academy)
- Insecure Deserialization Lab (6) - Signed Cookie Bypass Using PHPGGC (PortSwigger Academy)
- Insecure Deserialization Lab (5) - Java gadget chain Attack Using ysoserial (PortSwigger Academy)
- Insecure Deserialization Lab (4) - Arbitrary Object Injection in PHP (PortSwigger Academy)
- Insecure Deserialization Lab (3) - Using application functionality (PortSwigger Academy)
- Insecure Deserialization Lab (2) - Modifying serialized data types (PortSwigger Academy)
- Insecure Deserialization Lab (1) - Modifying serialized objects (PortSwigger Academy)
- Insecure Deserialization (PortSwigger Academy) - Vulnerability Analysis and Attacks (Part 2)
- Insecure Deserialization (PortSwigger Academy) - Concepts and Basic Principles (Part 1)
- SSTI Lab (5) - Information Disclosure via user-supplied object (PortSwigger Academy)
- SSTI Lab (4) - Unknown template engine + documented exploit (PortSwigger Academy)
- SSTI Lab (3) - File Deletion via Freemarker Template Injection (PortSwigger Academy)
- SSTI Lab (2) - File Deletion via Tornado Template Injection (Code Context) (PortSwigger Academy)
- SSTI Lab (1) - File Deletion Using ERB Template Injection (PortSwigger Academy)
- Server-Side Template Injection (SSTI) Vulnerabilities (PortSwigger Academy) - Concepts and Attack Flow Summary
- CORS Lab (3) - Data Theft Using a Trusted insecure protocol (PortSwigger Academy)
- CORS (PortSwigger Academy) - Exploiting CORS trust relationships and Defenses (Part 2)
- CORS Lab (2) - CORS vulnerability with trusted null origin (PortSwigger Academy)
- CORS Lab (1) - CORS vulnerability with basic origin reflection (PortSwigger Academy)
- CORS (PortSwigger Academy) - Concepts and Basic Vulnerabilities (Part 1)
- Authentication Lab (10) - Password brute-force via password change (PortSwigger Academy)
- Authentication Lab (9) - Password reset poisoning via middleware (PortSwigger Academy)
- Authentication Lab (8) - Password reset broken logic (PortSwigger Academy)
- Authentication Lab (7) - Offline password cracking (PortSwigger Academy)
- Authentication Lab (6) - Brute-forcing a stay-logged-in cookie (PortSwigger Academy)
- Authentication Vulnerabilities (PortSwigger Academy) - Vulnerabilities in Other Authentication Mechanisms
- Authentication Lab (5) - 2FA broken logic (PortSwigger Academy)
- Authentication Vulnerabilities (PortSwigger Academy) - MFA Vulnerabilities
- Authentication Lab (4) - Username enumeration via account lock (PortSwigger Academy)
- Authentication Lab (3) - Broken Brute-force Protection (PortSwigger Academy)
- Authentication Vulnerabilities (PortSwigger Academy) - Password-Based Login (Part 2)
- Authentication Lab (2) - Username enumeration via response (PortSwigger Academy)
- Authentication Lab (1) - Username enumeration via subtly different responses (PortSwigger Academy)
- Authentication Vulnerabilities (PortSwigger Academy) - Password-Based Login
- Authentication Vulnerabilities (PortSwigger Academy) - Authentication Vulnerabilities
- JWT attacks Lab (4) - JWT authentication bypass via kid header path traversal (PortSwigger Academy)
- JWT attacks Lab (3) - JWT authentication bypass via jku header injection (PortSwigger Academy)
- JWT Vulnerabilities and Attack Methods (PortSwigger Academy)
- JWT attacks Lab (2) - JWT authentication bypass via weak jwk header injection (PortSwigger Academy)
- JWT attacks Lab (1) - JWT authentication bypass via weak signing key (PortSwigger Academy)
- What Are JWT Attacks? (PortSwigger Academy)
- Let's Learn About Information Disclosure (PortSwigger Academy)
- API Testing Lab (2) - Finding and exploiting an unused API endpoint (PortSwigger Academy)
- API Testing Lab (1) - Exploiting an API endpoint using documentation (PortSwigger Academy)
- SSPP Lab (1) - Exploiting server-side parameter pollution in a query string (PortSwigger Academy)
- Server-side parameter pollution (SSPP) Vulnerabilities (PortSwigger Academy)
- API Testing Methods and Defenses (PortSwigger Academy)