1. 1. Welcome
2. 2. Glossary
3. 3. WEB - OWASP TOP 10
4. 1. 3.1. Broken Access Control
   2. 1. 3.1.1. IDOR
      2. 3.1.2. Local File Inclusion (LFI)
      3. 3.1.3. Directory Traversal
      4. 3.1.4. Authorization Bypass
   3. 3.2. Cryptographic Failures
   4. 1. 3.2.1. SSL/TLS Misconfiguration
      2. 3.2.2. HTTP Strict Transport Security (HSTS)
   5. 3.3. Injection
   6. 1. 3.3.1. Stored Cross-Site Scripting (XSS)
      2. 3.3.2. Reflected Cross-Site Scripting (XSS)
      3. 3.3.3. DOM-Based Cross-Site Scripting (XSS)
      4. 3.3.4. SQL Injection (SQLi)
      5. 3.3.5. Code Injection
   7. 3.4. Insecure Design
   8. 1. 3.4.1. CAPTCHA Bypass
      2. 3.4.2. Lack Of Rate Limiting
      3. 3.4.3. Sensitive Data Exposure
      4. 3.4.4. Denial Of Service
   9. 3.5. Security Misconfiguration
   10. 1. 3.5.1. XML External Entity (XXE)
       2. 3.5.2. Default Configurations
       3. 3.5.3. IIS Tilde Enumeration
       4. 3.5.4. Verbose Error Messages
       5. 3.5.5. Stack Traces
       6. 3.5.6. Server Fingerprinting
       7. 3.5.7. Cookie Flags
       8. 3.5.8. HTTP Headers
   11. 3.6. Vulnerable and Outdated Components
   12. 1. 3.6.1. Usage Of Vulnerable Components
   13. 3.7. Identification and Authentication Failures
   14. 1. 3.7.1. Weak Passwords Policy
       2. 3.7.2. Lack of Bruteforce Protection
       3. 3.7.3. Session Fixation
       4. 3.7.4. Username Enumeration
   15. 3.8. Software and Data Integrity Failures
   16. 1. 3.8.1. Data Tampering
   17. 3.9. Security Logging and Monitoring Failures
   18. 1. 3.9.1. Insufficient Logging
   19. 3.10. Server-Side Request Forgery (SSRF)
   20. 1. 3.10.1. AWS Credentials Theft
       2. 3.10.2. Internal Network Access