# Web

- [Prerequisites](/ctfnote/web/prerequisites.md)
  - [OWASP Top 10](/ctfnote/web/prerequisites/owasp-top-10.md)
    - [1. Broken Access Control](/ctfnote/web/prerequisites/owasp-top-10/1.-broken-access-control.md)
    - [2. Cryptographic Failures](/ctfnote/web/prerequisites/owasp-top-10/2.-cryptographic-failures.md)
    - [3. Injection](/ctfnote/web/prerequisites/owasp-top-10/3.-injection.md)
    - [4. Insecure Design](/ctfnote/web/prerequisites/owasp-top-10/4.-insecure-design.md)
    - [5. Security Misconfiguration](/ctfnote/web/prerequisites/owasp-top-10/5.-security-misconfiguration.md)
    - [6. Vulnerable and Outdated Components](/ctfnote/web/prerequisites/owasp-top-10/6.-vulnerable-and-outdated-components.md)
    - [7. Identification and Authentication Failures](/ctfnote/web/prerequisites/owasp-top-10/7.-identification-and-authentication-failures.md)
    - [8. Software and Data Integrity Failures](/ctfnote/web/prerequisites/owasp-top-10/8.-software-and-data-integrity-failures.md)
    - [9. Security Logging and Monitoring Failures](/ctfnote/web/prerequisites/owasp-top-10/9.-security-logging-and-monitoring-failures.md)
    - [10. SSRF](/ctfnote/web/prerequisites/owasp-top-10/10.-ssrf.md)
  - [HTTP](/ctfnote/web/prerequisites/http.md)
    - [HTTP Status Codes](/ctfnote/web/prerequisites/http/http-status-codes.md)
    - [HTTP Headers](/ctfnote/web/prerequisites/http/http-headers.md)
  - [Burp Suite](/ctfnote/web/prerequisites/burp-suite.md)
    - [Burp Intruder](/ctfnote/web/prerequisites/burp-suite/burp-intruder.md)
    - [Burp Extender](/ctfnote/web/prerequisites/burp-suite/burp-extender.md)
    - [Burp Collaborator](/ctfnote/web/prerequisites/burp-suite/burp-collaborator.md)
  - [Information Gathering](/ctfnote/web/prerequisites/information-gathering.md)
    - [DNS](/ctfnote/web/prerequisites/information-gathering/dns.md)
    - [Git](/ctfnote/web/prerequisites/information-gathering/git.md)
    - [Editor](/ctfnote/web/prerequisites/information-gathering/editor.md)
    - [Server](/ctfnote/web/prerequisites/information-gathering/server.md)
  - [Bug Bounty Report Writing](/ctfnote/web/prerequisites/report-writing.md)
- [File Upload](/ctfnote/web/file-upload.md)
  - [Webshell](/ctfnote/web/file-upload/webshell.md)
  - [IIS, Nginx, and Apache Vulnerabilities](/ctfnote/web/file-upload/iis-nginx-and-apache-vulnerabilities.md)
  - [.htaccess (Apache) / web.config (IIS)](/ctfnote/web/file-upload/.htaccess-apache-web.config-iis.md)
  - [Alternate Data Stream](/ctfnote/web/file-upload/alternate-data-stream.md)
  - [Code Review: bWAPP Unrestricted File Upload](/ctfnote/web/file-upload/code-review-bwapp-unrestricted-file-upload.md)
- [SQL Injection (SQLi)](/ctfnote/web/sql-injection-sqli.md)
  - [Cheat Sheet](/ctfnote/web/sql-injection-sqli/cheat-sheet.md)
  - [UNION Attacks](/ctfnote/web/sql-injection-sqli/union-attacks.md)
  - [Examining the Database](/ctfnote/web/sql-injection-sqli/examining-the-database.md)
  - [Blind SQL Injection](/ctfnote/web/sql-injection-sqli/blind-sql-injection.md)
  - [WAF Bypass](/ctfnote/web/sql-injection-sqli/waf-bypass.md)
  - [Out-Of-Band (OOB)](/ctfnote/web/sql-injection-sqli/out-of-band-oob.md)
  - [Webshell and UDF](/ctfnote/web/sql-injection-sqli/webshell-and-udf.md)
  - [sqlmap](/ctfnote/web/sql-injection-sqli/sqlmap.md)
    - [Code Review: Initialization](/ctfnote/web/sql-injection-sqli/sqlmap/code-review-initialization.md)
    - [Code Review: tamper](/ctfnote/web/sql-injection-sqli/sqlmap/code-review-tamper.md)
- [Cross-Site Scripting (XSS)](/ctfnote/web/cross-site-scripting-xss.md)
  - [Cheat Sheet](/ctfnote/web/cross-site-scripting-xss/cheat-sheet.md)
  - [Reflected XSS](/ctfnote/web/cross-site-scripting-xss/reflected-xss.md)
  - [Stored XSS](/ctfnote/web/cross-site-scripting-xss/stored-xss.md)
  - [DOM-Based XSS](/ctfnote/web/cross-site-scripting-xss/dom-based-xss.md)
  - [XSS Contexts](/ctfnote/web/cross-site-scripting-xss/xss-contexts.md)
  - [CSP](/ctfnote/web/cross-site-scripting-xss/csp.md)
- [CSRF and SSRF](/ctfnote/web/csrf-and-ssrf.md)
  - [Cross-Site Request Forgery (CSRF)](/ctfnote/web/csrf-and-ssrf/client-side-request-forgery-csrf.md)
    - [XSS vs. CSRF](/ctfnote/web/csrf-and-ssrf/client-side-request-forgery-csrf/xss-vs.-csrf.md)
    - [CSRF Tokens and SameSite Cookies](/ctfnote/web/csrf-and-ssrf/client-side-request-forgery-csrf/csrf-tokens-and-samesite-cookies.md)
  - [Server-Side Request Forgery (SSRF)](/ctfnote/web/csrf-and-ssrf/server-side-request-forgery-ssrf.md)
    - [Attacks](/ctfnote/web/csrf-and-ssrf/server-side-request-forgery-ssrf/attacks.md)
    - [Bypassing Restrictions](/ctfnote/web/csrf-and-ssrf/server-side-request-forgery-ssrf/bypassing-restrictions.md)
    - [SSRF + Redis](/ctfnote/web/csrf-and-ssrf/server-side-request-forgery-ssrf/ssrf-+-redis.md)
- [XML External Entities (XXE)](/ctfnote/web/xml-external-entities-xxe.md)
- [Insecure Deserialization](/ctfnote/web/insecure-deserialization.md)
  - [Python Deserialization](/ctfnote/web/insecure-deserialization/python-deserialization.md)
  - [PHP Deserialization](/ctfnote/web/insecure-deserialization/php-deserialization.md)
  - [Java Deserialization](/ctfnote/web/insecure-deserialization/java-deserialization.md)
    - [Shiro](/ctfnote/web/insecure-deserialization/java-deserialization/shiro.md)
    - [FastJSON](/ctfnote/web/insecure-deserialization/java-deserialization/fastjson.md)
    - [WebLogic](/ctfnote/web/insecure-deserialization/java-deserialization/weblogic.md)
- [HTTP Request Smuggling](/ctfnote/web/http-request-smuggling.md)
- [OS Command Injection](/ctfnote/web/os-command-injection.md)
  - [Whitespace Bypass](/ctfnote/web/os-command-injection/whitespace-bypass.md)
  - [Blacklist Bypass](/ctfnote/web/os-command-injection/blacklist-bypass.md)
  - [Blind OS Command Injection](/ctfnote/web/os-command-injection/blind-os-command-injection.md)
  - [Lab 1: HITCON 2015 BabyFirst](/ctfnote/web/os-command-injection/lab-1-hitcon-2015-babyfirst.md)
  - [Lab 2: HITCON 2017 BabyFirst Revenge](/ctfnote/web/os-command-injection/lab-2-hitcon-2017-babyfirst-revenge.md)
  - [Lab 3: HITCON 2017 BabyFirst Revenge v2](/ctfnote/web/os-command-injection/lab-3-hitcon-2017-babyfirst-revenge-v2.md)
- [Directory Traversal](/ctfnote/web/directory-traversal.md)
- [HTTP Parameter Pollution](/ctfnote/web/http-parameter-pollution.md)
- [Server-Side Template Injection (SSTI)](/ctfnote/web/server-side-template-injection-ssti.md)
- [LDAP Injection](/ctfnote/web/ldap-injection.md)
- [Redis](/ctfnote/web/redis.md)
  - [Authentication](/ctfnote/web/redis/authentication.md)
  - [RCE](/ctfnote/web/redis/rce.md)
  - [Mitigations](/ctfnote/web/redis/mitigations.md)
