Web & Application Security
Web application weaknesses, secure development concepts, and common attack techniques.
API security
Protecting the application interfaces that move data and actions between systems.
broken access control
When users can access data or functions that should be restricted.
cross-site request forgery
A web attack that tricks a logged-in browser into sending an unwanted request.
cross-site scripting
A web weakness that allows unwanted script to run in another user’s browser.
an open redirect
A weakness that lets a trusted website link send users to an untrusted destination.
remote code execution
A serious weakness where an attacker may cause a system to run unauthorised commands or code.
security misconfiguration
Risky or incorrect settings that expose systems, services, or data unnecessarily.
server-side request forgery
A web weakness where a server can be tricked into making requests it should not make.
SQL injection
A web application weakness where unsafe input can interfere with database queries.