These topics are listed in the course syllabus, so they can be used during the exam:
SQL Injection - Payloads
Deserialization
Persistent Cross-Site Scripting
Bypassing File Upload Restrictions
IDOR
SQL Injection RCE (Postgres UDF or MySQL copy to function)
Weak random token generator
XXE - Payloads
Type Juggling
XML Injection
Cross-Site Request Forgery - Payloads
SSTI - Payloads
Authentication Token/Cookie Manipulation
Prototype Pollution
JavaScript Injection
OS Command Injection
Last updated 5 months ago