Web attacks
Introduction

This topic brings together three very common web attack families: HTTP verb tampering, insecure direct object references, and XML external entity injection. They look different on the surface, but all three usually come from the same core weakness: the application trusts client-controlled input more than it should, and the backend does not enforce validation and authorization consistently. In practice, this means a tester can often move from a small logic flaw to data exposure, privilege escalation, or even server-side code execution. ...