Web Security OWASPStudy Notes
Everything on SkillVeris tagged Web Security OWASPStudy Notes — collected across the glossary, study notes, blog, and cheat sheets.
30 resources across 1 library
Study Notes(30)
Broken Access Control
Broken access control is the failure to properly enforce what authenticated users are allowed to do, letting attackers view or modify data and functions that s…
Broken Authentication Risks
Understand how authentication mechanisms fail in practice — from credential stuffing to weak session handling — and how OWASP frames these risks.
Clickjacking and Frame Protections
Clickjacking tricks a user into clicking something different from what they perceive, typically by overlaying an invisible iframe of a target site beneath dece…
Command Injection
Understand how command injection lets attackers execute arbitrary operating system commands through vulnerable application inputs, and why it's often more dang…
Common Web Security Tools
An overview of the core tool categories used in web security work — intercepting proxies, static and dynamic scanners, and reconnaissance tools — and when to u…
Cross-Site Scripting (XSS) Explained
Understand how attackers inject malicious scripts into web pages viewed by other users, and the three major categories of XSS: stored, reflected, and DOM-based.
CSRF Explained and Prevention
Cross-Site Request Forgery tricks a logged-in user's browser into submitting an unwanted, state-changing request to a site it trusts, using the victim's own va…
Insecure Deserialization
Learn how deserializing untrusted data can lead to remote code execution, object injection, and denial of service, and how to safely handle serialized data.
Multi-Factor Authentication
Understand the categories of authentication factors, how TOTP and WebAuthn work under the hood, and why MFA dramatically reduces account-takeover risk.
OAuth and OIDC Security Basics
Learn the difference between OAuth 2.0 (authorization) and OpenID Connect (authentication), and the common misconfigurations that lead to token theft and accou…
Penetration Testing Basics
The fundamentals of penetration testing — how it differs from scanning, the standard engagement phases, and the black-box/gray-box/white-box testing spectrum.
Preventing SQL Injection
A practical guide to the defenses that actually stop SQL Injection: parameterized queries, safe ORM usage, input validation, least privilege, and WAFs.
Preventing XSS
Learn the core defenses against Cross-Site Scripting: contextual output encoding, sanitization, and Content Security Policy, plus how they work together.
Secure Coding Checklist
A practical, enforceable checklist covering input validation, authentication, authorization, dependency hygiene, and CI gating for shipping secure code by defa…
Secure Password Storage
Learn why passwords must never be stored in plaintext or reversible form, and how modern hashing algorithms like bcrypt and Argon2 protect credentials at rest.
Secure SDLC Overview
How security practices integrate into every phase of the software development lifecycle, from requirements gathering through deployment and maintenance.
Security Headers Explained
HTTP security headers let a server instruct the browser to enforce protective behaviors, such as blocking mixed content, refusing to be framed, or restricting…
Security Logging and Monitoring
Learn why insufficient logging and monitoring lets breaches go undetected for months, and how to build effective detection and response capability.
Security Misconfiguration
Security misconfiguration covers the gap between a system's secure potential and its insecure default or actual state — from exposed debug consoles to unpatche…
Sensitive Data Exposure
Understand how sensitive data like passwords, tokens, and PII leak through weak cryptography, misconfigured storage, and insecure transport, and how to prevent…
Session Management Security
Explore how web sessions are created, maintained, and terminated securely, and the common pitfalls — like session fixation and token leakage — that break them.
SQL Injection Explained
Learn how attackers manipulate SQL queries by injecting malicious input, and why this remains one of the most dangerous web application vulnerabilities.
SSRF Explained
Learn how Server-Side Request Forgery lets attackers trick a server into making unauthorized requests to internal systems, and how to prevent it.
The CIA Triad in Web Apps
How confidentiality, integrity, and availability apply concretely to web application design, and what breaks when each one fails.
Showing 24 of 30.