Direct object reference

Privilege escalation

XSS

 Parameter tampering

Verifying user credentials

Determining user access levels

Tracking and logging user actions

Enforcing complex password policies

By embedding JavaScript into XML tags for enhanced functionality

By removing the XML declaration from documents  

By injecting malicious XML code into an application to manipulate its processing logic  

By adding invalid syntax to XML documents to cause errors  

Relying on outdated hashing algorithms for password storage.

Allowing unauthorized access to critical functions due to poorly defined access controls.

Misusing third-party authentication mechanisms.

Exposing sensitive data through insufficient encryption.

Finding misconfigured DNS records

Enumerating all website resources for security testing

Extracting user credentials

Analyzing backend services

By blocking cookies for all external domains

By ensuring cookies are not sent with cross-origin requests

By encrypting the cookies with secure algorithms

By marking cookies as HTTPOnly

Extracting data from database queries

Detecting application-layer attacks

Identifying open ports on a server

Querying records like A, MX, NS, and CNAME for domain insights

Stored XSS

DOM-Based XSS

Server-Side XSS

Reflected XSS

To improve website performance

To encrypt all communications between server and client

To restrict the sources of content and prevent execution of malicious code

To validate user inputs on the server

It prevents malicious redirects

It validates session tokens

It ensures all requests are encrypted

It confirms requests originate from a trusted source