• Javascript for Pentesters: HTML DOM
• Javascript for Pentesters: Event Handlers
• Javascript for Pentesters: Cookies
• Javascript for Pentesters: Stealing Cookies
• Javascript for Pentesters: Exceptions
• Javascript for Pentesters: Advanced Forms Manipulation
• Javascript for Pentesters: XMLHttpRequest Basics
• Javascript for Pentesters: XHR and HTML Parsing
• Javascript for Pentesters: XHR and JSON Parsing
• Javascript for Pentesters: XHR and XML Parsing
• File Upload Vulnerability Basics
• Beating Content-Type Check in File Uploads
• Bypassing Blacklists in File Upload
• Bypassing Blacklists using PHPx
• Bypassing Whitelists using Double Extensions in File Uploads
• Defeating Getimagesize() Checks in File Uploads
• Null Byte Injection in File Uploads
• Exploiting File Uploads to get Meterpreter
• Remote File Inclusion Vulnerability Basics
• Exploiting RFI with Forced Extensions
• RFI to Meterpreter
• LFI Basics
• LFI with Directory Prepends
• Remote Code Execution with LFI and File Upload Vulnerability
• LFI with File Extension Appended – Null Byte Injection
• Remote Code Execution with LFI and Apache Log Poisoning
• Remote Code Execution with LFI and SSH Log Poisoning
• Unvalidated Redirects
• Encoding Redirect Params
• Open Redirects: Base64 Encoded Params
• Open Redirects: Beating Hash Checking
• Open Redirects: Hashing with Salt
• Securing Open Redirects
• Cross Site Request Forgery Basics
• Cross Site Request Forgery Trigger Tags
• CSRF Multi-Step Operation Handling
• Mitigating CSRF with Tokens
• CSRF and XSS
• CSRF Token Bypass with Hidden Iframes
• Insecure Direct Object Reference
• Insecure Direct Object Reference (Burp Demo)