凌虚's Blog

Web Security Article Series [Translations]

凌虚 included in Web Security
 2021-08-12
Contents
  • Cross-site request forgery (CSRF)
  • Clickjacking (UI redressing)
  • Cross-origin resource sharing (CORS)
  • Server-side request forgery (SSRF)
  • HTTP request smuggling
  • OS command injection
  • Server-side template injection
  • Directory traversal
  • DOM-based vulnerabilities
  • HTTP Host header attacks

Cross-site request forgery (CSRF)

  • CSRF
  • XSS vs CSRF
  • CSRF tokens
  • SameSite cookies

Clickjacking (UI redressing)

  • Clickjacking (UI redressing)

Cross-origin resource sharing (CORS)

  • CORS
  • Same-origin policy (SOP)
  • Access-control-allow-origin

Server-side request forgery (SSRF)

  • Server-side request forgery (SSRF)
  • Blind SSRF vulnerabilities

HTTP request smuggling

  • HTTP request smuggling
  • Finding HTTP request smuggling vulnerabilities
  • Exploiting HTTP request smuggling vulnerabilities

OS command injection

  • OS command injection

Server-side template injection

  • Server-side template injection
  • Exploiting server-side template injection vulnerabilities

Directory traversal

  • Directory traversal

DOM-based vulnerabilities

  • DOM-based vulnerabilities
  • DOM clobbering

HTTP Host header attacks

  • HTTP Host header attacks
  • Exploiting HTTP Host header vulnerabilities
  • Password reset poisoning
Updated on 2023-02-21
2017 - 2025 凌虚 | CC BY-NC 4.0