Attack section
XSS
Stored XSS
Reflected XSS
DOM-based XSS
Reflected vs DOM-based
CSRF
CSRF–GET
Injection
Injection demo 1
Injection is more than SQL
Injection demo 2
SSRF demo
DoS
ReDoS
DDoS
Man-in-the-middle attack
Defense section
XSS
Generating DOM from strings
User-uploaded SVG
User-defined style
The same-origin policy
CSP
CSRF defense
Token
Iframe attacks
CSRF anti-pattern
SameSite Cookie
The right way to defend against CSRF
Defend against CSRF in middleware
Injection
Injection beyond SQL
- Principle of least authority
- Set up an allowlist + filtering
- Restrictions on URL type parameters such as protocol, domain name, and IP address
DDoS
Defending against man-in-the-middle attacks
HTTPS
Some features of HTTPS
- Asymmetric encryption
- Symmetric encryption