Vulnerability Taxonomy
Detailed directories outlining target recon checklists, exploitation vectors, and patch mitigations for major vulnerability categories.
Cross-Site Scripting (XSS)
Occurs when an application includes untrusted data in a web page without proper validation or output encoding, allowing attacker-supplied script to execute in the victim's browser with the privileges of the vulnerable site's origin.
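An added example (not code from this page) showing the reflected form of the bug and the fix. A hypothetical greeting template interpolates a user's display name; the sample payload is constructed for the demo. Python's standard-library html.escape stands in for whatever auto-escaping template engine the real application uses.

```python
import html

# Constructed sample input: a profile "display name" carrying a script payload.
UNTRUSTED_NAME = '<img src=x onerror="alert(document.cookie)">'


def render_greeting_vulnerable(name: str) -> str:
    """Interpolates untrusted input into HTML unchanged: the browser parses the
    payload as markup and runs the onerror handler in the site's origin."""
    return f"<p>Welcome back, {name}!</p>"


def render_greeting_fixed(name: str) -> str:
    """Escapes for an HTML text context, so the same input renders as literal
    text: <, >, &, " and ' become entities and no tag is created."""
    return f"<p>Welcome back, {html.escape(name, quote=True)}!</p>"


def render_attribute_fixed(name: str) -> str:
    """Attribute context: escape AND quote the attribute. An unquoted attribute
    lets a payload like `x onmouseover=...` break out without any < or >."""
    return f'<input name="display" value="{html.escape(name, quote=True)}">'


def injects_tag(fragment: str) -> bool:
    """Self-check for the demo: True if the input's <img> survived as markup."""
    return "<img" in fragment


if __name__ == "__main__":
    print(render_greeting_vulnerable(UNTRUSTED_NAME))
    print(render_greeting_fixed(UNTRUSTED_NAME))
    print(render_attribute_fixed(UNTRUSTED_NAME))
```

Encoding is context dependent: the HTML-entity escaping above is wrong for a JavaScript string, a URL parameter or a CSS value, each of which needs its own encoder. A Content-Security-Policy that disallows inline script is a worthwhile second layer but does not replace output encoding.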
Insecure Direct Object Reference (IDOR)
Happens when an application exposes a reference to an internal object, such as a database key, and acts on a client-supplied value of that reference without checking that the requester is authorized to access the object it names.
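An added example, not from this page, of the bug and its fix on a hypothetical invoice endpoint. The invoice records and user ids are constructed for the demo; the point is that authentication (knowing who the caller is) is not authorization (checking that the caller may see this record).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    total_cents: int


# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    1001: Invoice(id=1001, owner_id=1, total_cents=12_000),
    1002: Invoice(id=1002, owner_id=2, total_cents=98_500),
}


class NotFound(Exception):
    pass


def get_invoice_vulnerable(current_user_id: int, invoice_id: int) -> Invoice:
    """The caller is authenticated (we know current_user_id) but the lookup
    ignores it, so any logged-in user can walk /invoices/1001, /invoices/1002,
    ... and read every record in the table."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)


def get_invoice_fixed(current_user_id: int, invoice_id: int) -> Invoice:
    """Ownership is part of the lookup itself (the SQL equivalent is
    WHERE id = ? AND owner_id = ?), so a valid id belonging to someone else
    is indistinguishable from an id that does not exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != current_user_id:
        # Same error for "not yours" and "missing", so the endpoint cannot be
        # used as an oracle for which ids are valid.
        raise NotFound(invoice_id)
    return inv


def can_read_fixed(current_user_id: int, invoice_id: int) -> bool:
    """Convenience wrapper for the demo: True if the fixed lookup succeeds."""
    try:
        get_invoice_fixed(current_user_id, invoice_id)
        return True
    except NotFound:
        return False
```

The same check belongs on update and delete paths, and on every alternate route that reaches the record (exports, bulk endpoints, "share" links), since testers look for the one handler that forgot it.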
Server-Side Request Forgery (SSRF)
Enables an attacker to make the server-side application issue requests to attacker-chosen destinations, reaching cloud instance metadata endpoints, private subnets, or internal services that are not exposed to the internet.
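An added example, not the page's code, of a destination check for a hypothetical "fetch this URL" feature. It contrasts a string-based denylist, which is the usual first attempt and is bypassable, with validation of the resolved address. The DNS table and addresses are constructed so the demo runs offline; the resolver is injectable for that reason.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Real DNS lookup for production use; the demo swaps in a fake table."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def naive_denylist_check(url: str) -> bool:
    """Bypassable: any hostname that resolves to an internal address, and any
    alternate spelling of the IP, passes a substring match on the URL."""
    return not any(bad in url for bad in ("169.254.169.254", "127.0.0.1", "localhost"))


def validate_target(url: str, resolver: Resolver = system_resolver) -> str:
    """Return the IP the client must connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lowercased, userinfo stripped, IPv6 brackets removed
    if not host:
        raise ValueError("missing host")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal: no lookup
    except ValueError:
        addresses = list(resolver(host))  # hostname: resolve exactly once
    if not addresses:
        raise ValueError(f"{host!r} did not resolve")
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    # Connect to this validated address (setting the Host header yourself)
    # rather than letting the HTTP client re-resolve, or a DNS-rebinding
    # answer can swap in an internal address between the check and the use.
    return addresses[0]


def target_allowed(url: str, resolver: Resolver = system_resolver) -> bool:
    try:
        validate_target(url, resolver)
        return True
    except (ValueError, OSError):  # OSError covers socket.gaierror
        return False


# Constructed DNS table so the demo runs offline; the addresses are illustrative.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.google.internal": ["169.254.169.254"],
    "localtest.me": ["127.0.0.1"],
}


def fake_resolver(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise ValueError(f"unresolvable host {host!r}")
    return FAKE_DNS[host]
```

Two further caveats a tester will probe: redirects must be disabled or each hop re-validated, since an allowed public host can 302 to the metadata address; and on cloud hosts, requiring the metadata service's session-token mode (IMDSv2 on AWS, for instance) limits what a successful SSRF can read.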
Cross-Site Request Forgery (CSRF)
Forces an authenticated user's browser to send a state-changing request to a web application, which accepts it because the browser automatically attaches the user's session cookie to requests triggered from any site.
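An added example, not from this page, of a hypothetical money-transfer handler with and without a CSRF token. Requests are modelled as dicts; the session store, server secret and the two sample requests are constructed for the demo. The token is an HMAC over the session id, a stateless variant of the synchronizer-token pattern.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; constructed here, loaded from config in real code.
SERVER_SECRET = secrets.token_bytes(32)
# Constructed session store: session cookie value -> username.
SESSIONS = {"c0ok13": "alice"}


def csrf_token_for(session_id: str) -> str:
    """Token bound to the session by an HMAC: unforgeable without the server
    secret, unreadable from another origin (the attacker's page cannot read
    our HTML), and needing no server-side storage."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(request: dict) -> str:
    """Relies on the session cookie alone. The browser attaches that cookie to
    a form POST from any site, so a page on evil.example can submit this
    request on the victim's behalf."""
    user = SESSIONS.get(request["cookies"].get("session", ""))
    if user is None:
        return "401 login required"
    form = request["form"]
    return f"200 {user} sent {form['amount']} to {form['to']}"


def transfer_fixed(request: dict) -> str:
    """Requires a token that only our own pages could have embedded."""
    sid = request["cookies"].get("session", "")
    user = SESSIONS.get(sid)
    if user is None:
        return "401 login required"
    submitted = request["form"].get("csrf_token", "")
    # Constant-time comparison; both sides encoded so odd input cannot raise.
    if not hmac.compare_digest(submitted.encode(), csrf_token_for(sid).encode()):
        return "403 missing or invalid CSRF token"
    form = request["form"]
    return f"200 {user} sent {form['amount']} to {form['to']}"


# Constructed requests: a cross-site auto-submitted form (cookie present, no
# token the attacker could know) and the legitimate form from our own page.
FORGED_REQUEST = {"cookies": {"session": "c0ok13"},
                  "form": {"to": "mallory", "amount": "500"}}
LEGIT_REQUEST = {"cookies": {"session": "c0ok13"},
                 "form": {"to": "bob", "amount": "20",
                          "csrf_token": csrf_token_for("c0ok13")}}
```

The token must travel in the form body or a custom header, never only in a cookie, since a cookie is exactly what the forged request already carries. Marking the session cookie SameSite=Lax or Strict and rejecting requests whose Origin header is not your own are cheap additional layers.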
Authentication Bypass
Allows an attacker to reach administrative pages or other users' accounts without presenting valid credentials, tokens, or multi-factor codes, through a flaw in the authentication logic rather than a stolen secret.
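An added example, not the page's code, of one common bypass pattern in a hypothetical two-step login: the second step verifies the one-time code only when the client chooses to send one, so omitting the parameter skips the factor. The user record, salt and TOTP secret are constructed for the demo; the TOTP routine follows RFC 6238 so a real authenticator app would produce matching codes.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# Constructed demo user. The salt and scrypt parameters are illustrative.
PW_SALT = b"demo-salt"
TOTP_SECRET = b"constructed-demo-totp-secret"


def hash_password(password: str) -> bytes:
    return hashlib.scrypt(password.encode(), salt=PW_SALT, n=2 ** 14, r=8, p=1)


USERS = {"alice": {"pw_hash": hash_password("correct horse"), "totp_secret": TOTP_SECRET}}
PENDING: dict = {}  # pending-login id -> username, between step 1 and step 2


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the scheme authenticator apps implement."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def password_step(username: str, password: str) -> Optional[str]:
    """Step 1: verify the password and return an opaque pending-login id."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(hash_password(password), user["pw_hash"]):
        return None
    pending_id = secrets.token_urlsafe(16)
    PENDING[pending_id] = username
    return pending_id


def mfa_step_vulnerable(request: dict, now: int) -> Optional[str]:
    """Step 2 with the logic flaw: the code is checked only if the client sent
    one, so a request without the parameter gets a session with no second factor."""
    username = PENDING.get(request.get("pending", ""))
    if username is None:
        return None
    code = request.get("code")
    if code is not None and not hmac.compare_digest(
            code.encode(), totp(USERS[username]["totp_secret"], now).encode()):
        return None
    return f"session:{username}"


def mfa_step_fixed(request: dict, now: int) -> Optional[str]:
    """Step 2 done right: the factor is mandatory, verified on the server, and
    the pending id is consumed so it cannot be replayed."""
    pending_id = request.get("pending", "")
    username = PENDING.get(pending_id)
    if username is None:
        return None
    code = request.get("code") or ""
    if not hmac.compare_digest(code.encode(), totp(USERS[username]["totp_secret"], now).encode()):
        return None
    del PENDING[pending_id]
    return f"session:{username}"
```

The general rule the fixed version follows is that every step of a multi-step flow re-derives its state from the server side, never from a flag, parameter or cookie the client can omit or set. Testers check each step with parameters removed, emptied, repeated and reordered; the handler must fail closed in all of those cases.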