Vulnerability Types
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery is an attack that forces authenticated users to execute unintended actions on a web application by exploiting the browser's automatic inclusion of credentials in requests.
Cross-Site Scripting (XSS)
Cross-Site Scripting is a client-side code injection vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, enabling session hijacking and data theft.
Insecure Deserialization
Insecure Deserialization is a vulnerability that occurs when an application deserializes untrusted data without proper validation, potentially allowing attackers to execute arbitrary code or manipulate application logic.
Insecure Direct Object References (IDOR)
Insecure Direct Object References occur when an application exposes internal object identifiers in URLs or parameters without proper authorization checks, allowing attackers to access other users' data.
Path Traversal
Path Traversal is a vulnerability that allows attackers to access files and directories outside the intended directory by manipulating file path references with sequences like ../ in application input.
Remote Code Execution (RCE)
Remote Code Execution is a critical vulnerability class that allows an attacker to execute arbitrary code on a target system remotely, often leading to complete system compromise and lateral movement.
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery is a vulnerability that allows an attacker to induce a server-side application to make HTTP requests to an arbitrary domain or internal resource of the attacker's choosing.
SQL Injection
SQL Injection is a code injection technique that exploits vulnerabilities in an application's database layer by inserting malicious SQL statements into input fields or query parameters.
Attack Techniques
Credential Stuffing
Credential Stuffing is an automated attack technique where stolen username-password pairs from data breaches are systematically tested against login endpoints to compromise accounts that reuse credentials.
Lateral Movement
Lateral Movement refers to the techniques attackers use after initial compromise to move through a network, accessing additional systems and escalating their reach toward high-value targets.
Privilege Escalation
Privilege Escalation is the exploitation of a vulnerability or misconfiguration that allows an attacker to gain elevated access rights beyond what was originally granted, moving from low-privilege to high-privilege accounts.
Supply Chain Attack
A Supply Chain Attack targets the less-secure elements in a software supply chain, such as third-party libraries, build systems, or update mechanisms, to compromise downstream consumers of that software.
Security Tools
Burp Suite
Burp Suite is a comprehensive web application security testing platform developed by PortSwigger that provides an intercepting proxy, scanner, and extensible toolkit for manual and automated security testing.
Metasploit
Metasploit is an open-source penetration testing framework that provides exploit modules, payload generation, post-exploitation tools, and auxiliary modules for comprehensive security testing of networks and applications.
Nmap
Nmap (Network Mapper) is an open-source network scanning tool used for host discovery, port scanning, service enumeration, and OS fingerprinting, widely used in penetration testing reconnaissance.
SQLMap
SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities, supporting a wide range of database management systems and injection techniques.
Compliance Frameworks
ISO 27001
ISO 27001 is an international standard for information security management systems (ISMS) that provides a systematic framework for managing sensitive company information through risk assessment and security controls.
NIST Cybersecurity Framework
The NIST Cybersecurity Framework is a voluntary risk-based framework developed by the National Institute of Standards and Technology that provides organizations with guidelines for managing and reducing cybersecurity risk.
PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a mandatory security standard for organizations that handle credit card data, requiring specific technical and operational controls including regular penetration testing.
SOC 2
SOC 2 is a compliance framework developed by the AICPA that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy of customer data.
AI Concepts
Agentic AI
Agentic AI refers to artificial intelligence systems that can autonomously plan, reason, and execute multi-step tasks toward a defined goal with minimal human intervention, adapting their approach based on observations.
AI Red Teaming
AI Red Teaming is the practice of using artificial intelligence to simulate adversarial attacks against systems and organizations, or the practice of adversarially testing AI systems themselves for safety and security flaws.
LLM Agents
LLM Agents are systems built on large language models that use tool-calling, memory, and planning capabilities to autonomously accomplish tasks by interacting with external environments and APIs.
Multi-Agent Systems
Multi-Agent Systems are AI architectures where multiple autonomous agents collaborate, specialize in different tasks, and coordinate their actions to solve complex problems more effectively than a single agent.
Pentesting Methodology
Open Source Security Testing Methodology Manual (OSSTMM)
OSSTMM is a peer-reviewed security testing methodology that provides a scientific framework for measuring operational security through comprehensive testing of physical, human, wireless, telecommunications, and data network channels.
OWASP Top 10
The OWASP Top 10 is a regularly updated consensus document representing the ten most critical web application security risks, serving as an industry standard awareness guide for developers and security teams.
Penetration Testing Execution Standard (PTES)
The Penetration Testing Execution Standard is a comprehensive methodology that defines the phases and technical guidelines for conducting professional penetration tests, from pre-engagement through reporting.
Threat Modeling
Threat Modeling is a structured approach to identifying, quantifying, and addressing security threats to a system by analyzing its architecture, data flows, trust boundaries, and potential attack vectors systematically.