Web application attack runbooks
Step-by-step procedures for each stage of web application testing. Start with recon and surface mapping to build the complete picture, then proceed to targeted attack runbooks.
- Runbook: Web application surface discovery
- Runbook: Authentication and session testing
- Runbook: JWT attacks
- Runbook: OAuth and SSO attacks
- Runbook: Access control testing
- Runbook: Server-side injection testing
- Runbook: Path traversal
- Runbook: File upload to web shell
- Runbook: Insecure deserialisation
- Runbook: Prototype pollution
- Runbook: Client-side attack testing
- Runbook: HTTP request smuggling and desync
- Runbook: HTTP Host header attacks
- Runbook: Web cache poisoning
- Runbook: Workflow and business logic testing