Lesson 1
: Introduction
Lesson 2
: Information Gathering
Lesson 3
: BurpSuite Introduction
Lesson 4
: Cross Site Scripting (XSS)
Lesson 5
: Host Header Injection
Lesson 6
: URL Redirection
Lesson 7
: Parameter Tampering
Lesson 8
: HTML Injection
Lesson 9
: SQL Injection
Lesson 10
: File Inclusion
Lesson 11
: Missing SPF Record
Lesson 12
: No Rate Limiting
Lesson 13
: Source Code Disclosure
Lesson 14
: Long Password DoS Attack
Lesson 15
: IDOR
Lesson 16
: Server-Side Request Forgery (SSRF)
Lesson 17
: Cross Site Request Forgery (CSRF)
Lesson 18
: Hostile Subdomain Takeover
Lesson 19
: S3 Bucket Takeover
Lesson 20
: Command Injection (RCE)
Lesson 21
: File Uploading
Lesson 22
: XML External Entity Injection
Lesson 23
: Buffer Overflow
Lesson 24
: WordPress Vulnerability
Lesson 25
: Joomla Vulnerability
Lesson 26
: Drupal Vulnerability
Lesson 27
: CMS Vulnerability Hunting
Lesson 28
: HSTS (HTTP Strict Transport Security)
Lesson 29
: Session Fixation
Lesson 30
: Account Lockout
Lesson 31
: Password Reset Poisoning
Lesson 32
: Identity Management Testing
Lesson 33
: Authentication Testing
Lesson 34
: Cryptographic Vulnerability
Lesson 35
: Session Management Testing
Lesson 36
: Exposed Source Code Control System
Lesson 37
: Apache Struts RCE Hunting
Lesson 38
: Web Cache Deceptions
Lesson 39
: Server-Side Includes Injection
Lesson 40
: Ticket Tricks Bug Bounty
Lesson 41
: Multi-Factor Authentication
Lesson 42
: HTTPoxy Attack
Lesson 43
: Webmin Authentication Bypass
Lesson 44
: Heartbleed
Lesson 45
: AppWeb Authentication Bypass
Lesson 46
: Nginx
Lesson 47
: MySQL Authentication Bypass
Lesson 48
: DNS Zone Transfer
Lesson 49
: Log Injection
Lesson 50
: Cache Testing
Lesson 51
: Black (Jinja-2) SSTI to RCE
Lesson 52
: Handloop Vulnerability
Lesson 53
: CSRF Same-Site Bypass
Lesson 54
: JWT Token Attack
Lesson 55
: Email Bounce Resource
Lesson 56
: IVR Call Request Crash
Lesson 57
: Weak Password Reset
Lesson 58
: Business Login Vulnerabilities
Lesson 59
: RPC Pingback Attack
Lesson 60
: WAF/MOD Security Bypass
Lesson 61
: Broken Authentication
Lesson 62
: Open Redirection
Lesson 63
: Null Byte Injection
Lesson 64
: CORS Vulnerabilities