理论知识: https://portswigger.net/web-security/deserialization Lab: Modifying serialized objects——实验室:修改序列化对象 https://portswigger.net/web-security/deserialization/exploiting/lab-d…
Insecure deserialization——不安全的反序列化
JWT attacks——JWT 攻击
理论知识: https://portswigger.net/web-security/jwt Lab: JWT authentication bypass via unverified signature——实验:通过未经验证的签名绕过 JWT 身份验证 https://portswigger.net/web-security/jwt/lab-jw…
OAuth authentication——OAuth 身份验证
理论知识 https://portswigger.net/web-security/oauth Lab: Authentication bypass via OAuth implicit flow——实验:通过 OAuth 隐式流绕过身份验证 https://portswigger.net/web-security/oauth/lab-oauth-…
API testing——API测试
理论知识 https://portswigger.net/web-security/api-testing Lab: Exploiting an API endpoint using documentation——实验:使用文档开发 API 端点 https://portswigger.net/web-security/api-testing/la…
Web LLM attacks——Web LLM 攻击
理论知识 https://portswigger.net/web-security/llm-attacks Lab: Exploiting LLM APIs with excessive agency——实验:利用 LLM API 的代理能力 https://portswigger.net/web-security/llm-attacks/lab-…
Web cache deception——Web缓存欺骗
理论知识学习 https://portswigger.net/web-security/web-cache-deception Lab: Exploiting path mapping for web cache deception——实验:利用路径映射进行 Web 缓存欺骗 https://portswigger.net/web-security…