- Training with Vulnerable Web Applications - a list of vulnerable applications that are available to the public for testing and training purposes.
Learn the following concepts at https://dunnesec.com/category/attacks-defence/http-header-injection/:
- Apache MultiViews
- ASP.NET View State
- Blind XSS
- Change Password - Weak
- Content Security Policy
- Cookie Attributes
- ClickJacking
- CursorJacking
- Cross Site Scripting
- Cross Site Tracing - XST
- Drag & Drop ClickJacking
- Error Codes & Custom 404s
- HTTP Headers
- HTTP Header Injection
- HTTP Parameter Pollution
- HttpOnly Cookie
- MIME Sniffing
- Reflected File Download (RFD)
- Server Side Request Forgery - SSRF
- ShellShock - bWAPP
- Spear Phishing
- TabNapping
- QR Codes
- Web Defacement – XSS