1. 1. Welcome
2. 2. WEB - OWASP TOP 10
3. 1. 2.1. Broken Access Control
   2. 1. 2.1.1. IDOR
      2. 2.1.2. Local File Inclusion (LFI)
      3. 2.1.3. Directory Traversal
      4. 2.1.4. Authorization Bypass
   3. 2.2. Cryptographic Failures
   4. 1. 2.2.1. SSL/TLS Misconfiguration
      2. 2.2.2. HTTP Strict Transport Security (HSTS)
   5. 2.3. Injection
   6. 1. 2.3.1. Stored Cross-Site Scripting (XSS)
      2. 2.3.2. Reflected Cross-Site Scripting (XSS)
      3. 2.3.3. DOM-Based Cross-Site Scripting (XSS)
      4. 2.3.4. SQL Injection (SQLi)
      5. 2.3.5. Code Injection
   7. 2.4. Insecure Design
   8. 1. 2.4.1. CAPTCHA Bypass
      2. 2.4.2. Lack Of Rate Limiting
      3. 2.4.3. Sensitive Data Exposure
      4. 2.4.4. Denial Of Service
   9. 2.5. Security Misconfiguration
   10. 1. 2.5.1. XML External Entity (XXE)
       2. 2.5.2. Default Configurations
       3. 2.5.3. IIS Tilde Enumeration
       4. 2.5.4. Verbose Error Messages
       5. 2.5.5. Stack Traces
       6. 2.5.6. Server Fingerprinting
       7. 2.5.7. Cookie Flags
       8. 2.5.8. HTTP Headers
   11. 2.6. Vulnerable and Outdated Components
   12. 1. 2.6.1. Usage Of Vulnerable Components
   13. 2.7. Identification and Authentication Failures
   14. 1. 2.7.1. Weak Passwords Policy
       2. 2.7.2. Lack of Bruteforce Protection
       3. 2.7.3. Session Fixation
       4. 2.7.4. Username Enumeration
   15. 2.8. Software and Data Integrity Failures
   16. 1. 2.8.1. Data Tampering
   17. 2.9. Security Logging and Monitoring Failures
   18. 1. 2.9.1. Insufficient Logging
   19. 2.10. Server-Side Request Forgery (SSRF)
   20. 1. 2.10.1. AWS Credentials Theft
       2. 2.10.2. Internal Network Access
4. 3. LLM - OWASP TOP 10
5. 1. 3.1. LLM01: Prompt Injection
   2. 3.2. LLM02: Insecure Output Handling
   3. 3.3. LLM03: Training Data Poisoning
   4. 3.4. LLM04: Model Denial of Service
   5. 3.5. LLM05: Supply Chain Vulnerabilities
   6. 3.6. LLM06: Sensitive Information Disclosure
   7. 3.7. LLM07: Insecure Plugin Design
   8. 3.8. LLM08: Excessive Agency
   9. 3.9. LLM09: Overreliance
   10. 3.10. LLM10: Model Theft
6. 4. MOBILE - OWASP TOP 10
7. 1. 4.1. M1: Improper Credential Usage
   2. 1. 4.1.1. Hardcoded API Keys
      2. 4.1.2. Tokens Leaked In Logs
      3. 4.1.3. Credentials In Device Backups
   3. 4.2. M2: Inadequate Supply Chain Security
   4. 1. 4.2.1. Trojanized SDKs
      2. 4.2.2. Dependency Confusion
      3. 4.2.3. Unsigned Dynamic Code Loading
   5. 4.3. M3: Insecure Authentication/Authorization
   6. 1. 4.3.1. Session Token Replay
      2. 4.3.2. Biometric Bypass
      3. 4.3.3. Client-Side Only Authorization
   7. 4.4. M4: Insufficient Input/Output Validation
   8. 1. 4.4.1. Deep Link Exploitation
      2. 4.4.2. WebView JavaScript Bridge Injection
      3. 4.4.3. Content Provider Path Traversal
   9. 4.5. M5: Insecure Communication
   10. 1. 4.5.1. TLS Pinning Bypass
       2. 4.5.2. Cleartext Traffic
       3. 4.5.3. No Certificate Validation
   11. 4.6. M6: Inadequate Privacy Controls
   12. 1. 4.6.1. Unauthorized Location Tracking
       2. 4.6.2. Clipboard Harvesting
       3. 4.6.3. Background Sensor Collection
   13. 4.7. M7: Insufficient Binary Protections
   14. 1. 4.7.1. Repackaged Malware
       2. 4.7.2. Debuggable Release Build
       3. 4.7.3. No Root/Jailbreak Detection
   15. 4.8. M8: Security Misconfiguration
   16. 1. 4.8.1. Over-Exported Components
       2. 4.8.2. Backup Enabled
       3. 4.8.3. WebView Debugging Enabled
   17. 4.9. M9: Insecure Data Storage
   18. 1. 4.9.1. Unencrypted Local Database
       2. 4.9.2. Secrets In Shared Preferences
       3. 4.9.3. External Storage Exposure
   19. 4.10. M10: Insufficient Cryptography
   20. 1. 4.10.1. Weak Encryption Algorithms
       2. 4.10.2. Hardcoded Crypto Material
       3. 4.10.3. IV/Nonce Reuse
8. 5. Cloud Vulnerabilities
9. 1. 5.1. AWS
   2. 1. 5.1.1. Public S3 Buckets and Objects
      2. 5.1.2. IAM Privilege Escalation Paths
      3. 5.1.3. EC2 Instance Metadata Service (IMDSv1)
      4. 5.1.4. Open Security Groups
      5. 5.1.5. CloudTrail Gaps or Tampering
      6. 5.1.6. S3 Website and Origin Misconfigurations
      7. 5.1.7. Lambda Over-Privileged Roles and Secrets
      8. 5.1.8. ECR/ECS Misconfigurations
      9. 5.1.9. RDS Public Access
      10. 5.1.10. Cross-Account Trust Abuse
   3. 5.2. Azure
   4. 1. 5.2.1. Public Blob Access
      2. 5.2.2. Managed Identity Abuse
      3. 5.2.3. AAD App Consent and Role Abuse
      4. 5.2.4. Key Vault Misconfiguration
      5. 5.2.5. RBAC Privilege Escalation
      6. 5.2.6. Function/Kudu Exposure
      7. 5.2.7. NSG Misconfigurations
      8. 5.2.8. Logging and Defender Gaps
   5. 5.3. GCP
   6. 1. 5.3.1. GCS Public Buckets
      2. 5.3.2. Service Account Over-Privilege and Keys
      3. 5.3.3. Metadata Server SSRF and Default Scopes
      4. 5.3.4. Cloud SQL Public Exposure
      5. 5.3.5. IAM Misconfig and Lateral Movement
      6. 5.3.6. Cloud Functions/Run Unauthenticated
      7. 5.3.7. Audit Logging and Retention Gaps
      8. 5.3.8. VPC Firewall Open Ingress
10. 6. Active Directory Vulnerabilities
11. 1. 6.1. Weak Password Policies
    2. 6.2. Kerberoasting
    3. 6.3. AS-REP Roasting
    4. 6.4. Unconstrained Delegation
    5. 6.5. Constrained Delegation Abuse
    6. 6.6. Resource-Based Constrained Delegation
    7. 6.7. AD CS (ESC1) Misconfiguration
    8. 6.8. DCSync Permissions Abuse
    9. 6.9. NTLM Relay and Signing Gaps
    10. 6.10. Privileged Group Sprawl and Tier-0 Bleed
    11. 6.11. AdminSDHolder and Protected Groups Abuse
    12. 6.12. Group Policy Preferences (GPP) Passwords in SYSVOL
    13. 6.13. Insecure Domain and Forest Trusts