Cross-Site Scripting (XSS) occurs when an attacker injects malicious scripts into content delivered to a user's browser. Understanding script context and injection points is critical for both attack and defense.
Session Management is the process by which a web application maintains state and identity for authenticated users across multiple HTTP requests. Since HTTP is stateless, sessions rely on tokens (cookies, URL parameters, or custom headers) to associate a user with their previous interactions.
Layer 2 (Data Link Layer) security is often overlooked in penetration testing, yet it forms the foundation of network infrastructure security. This comprehensive guide bridges the gap between theoretical knowledge and practical application, focusing on how to approach Layer 2 security testing in authorized environments.
Conducting a Layer 2 security test for a specific domain like domain.tech presents a unique challenge. Unlike a web application, layer 2 (the Data Link Layer) is confined to the local network segment. This means you cannot directly test the switches or internal network infrastructure of domain.tech from the internet.
However, if your bug bounty scope explicitly includes testing the local network (for example, if you are on-site, or if the company provides VPN access that places you inside their network), the checklist you provided becomes highly relevant. In such a scenario, you would
This document provides a detailed explanation of all web security concepts, techniques, and commands commonly used in Capture The Flag (CTF) competitions. Each section breaks down the underlying principles, why certain attacks work, and how to apply them in real scenarios.