- Server-side topics
- Client-side topics
- Advanced topics
- SQL injection
- Authentication
- Path traversal
- Command injection
- Business logic vulnerabilities
- Information disclosure
- Access control
- File upload vulnerabilities
- Race conditions
- Server-side request forgery (SSRF)
- XXE injection
- NoSQL injection
- API testing
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-origin resource sharing (CORS)
- Clickjacking
- DOM-based vulnerabilities
- WebSockets
- Insecure deserialization
- Web LLM attacks
- GraphQL API vulnerabilities
- Server-side template injection
- Web cache poisoning
- HTTP Host header attacks
- HTTP request smuggling
- OAuth authentication
- JWT attacks
- Prototype pollution
- Essential skills