> For the complete documentation index, see [llms.txt](https://www.hackbook.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.hackbook.io/web-application-hacking.md).

# Web Application Hacking

- [Web 101](https://www.hackbook.io/web-application-hacking/web-hacking-basics-to-know.md)
- [Clients](https://www.hackbook.io/web-application-hacking/web-hacking-basics-to-know/clients.md)
- [Servers](https://www.hackbook.io/web-application-hacking/web-hacking-basics-to-know/servers.md)
- [Encodings](https://www.hackbook.io/web-application-hacking/web-hacking-basics-to-know/encodings.md)
- [Web Hacking Techniques](https://www.hackbook.io/web-application-hacking/web-techniques.md)
- [SOP](https://www.hackbook.io/web-application-hacking/web-techniques/sop.md): Same Origin Policies
- [Open Redirect](https://www.hackbook.io/web-application-hacking/web-techniques/open-redirect.md)
- [File & Resource Attacks](https://www.hackbook.io/web-application-hacking/web-techniques/file-and-resource-attacks.md)
- [Directory Traversal](https://www.hackbook.io/web-application-hacking/web-techniques/file-and-resource-attacks/directory-traversal.md)
- [Dir Traversal Fuzzer](https://www.hackbook.io/web-application-hacking/web-techniques/file-and-resource-attacks/directory-traversal/dir-traversal-fuzzer.md)
- [LFI](https://www.hackbook.io/web-application-hacking/web-techniques/file-and-resource-attacks/lfi.md)
- [RFI](https://www.hackbook.io/web-application-hacking/web-techniques/file-and-resource-attacks/rfi.md)
- [Unrestricted File Uploads](https://www.hackbook.io/web-application-hacking/web-techniques/file-and-resource-attacks/unrestricted-file-uploads.md)
- [XSS](https://www.hackbook.io/web-application-hacking/web-techniques/xss.md): Cross Site Scripting
- [DOM](https://www.hackbook.io/web-application-hacking/web-techniques/xss/dom.md)
- [Stored](https://www.hackbook.io/web-application-hacking/web-techniques/xss/stored.md)
- [Reflected](https://www.hackbook.io/web-application-hacking/web-techniques/xss/reflected.md)
- [Blind](https://www.hackbook.io/web-application-hacking/web-techniques/xss/blind.md)
- [Self XSS](https://www.hackbook.io/web-application-hacking/web-techniques/xss/self-xss.md)
- [XXE](https://www.hackbook.io/web-application-hacking/web-techniques/xxe.md): (XEE) XML External Entity
- [XXE Payloads](https://www.hackbook.io/web-application-hacking/web-techniques/xxe/xxe-payloads.md)
- [XPath](https://www.hackbook.io/web-application-hacking/web-techniques/xpath.md)
- [SSRF](https://www.hackbook.io/web-application-hacking/web-techniques/ssrf.md): Server-Side Request Forgery
- [CSRF](https://www.hackbook.io/web-application-hacking/web-techniques/csrf.md): Cross Site Request Forgery (aka: XSRF or Sea-Surf)
- [SQLi](https://www.hackbook.io/web-application-hacking/web-techniques/sqli.md): Structured Query Language injections (input validation attacks)
- [SQL Basics](https://www.hackbook.io/web-application-hacking/web-techniques/sqli/sql-basics.md)
- [Securing SQL](https://www.hackbook.io/web-application-hacking/web-techniques/sqli/securing-sql.md)
- [Hacking SQL](https://www.hackbook.io/web-application-hacking/web-techniques/sqli/hacking-sql.md)
- [sqlmap](https://www.hackbook.io/web-application-hacking/web-techniques/sqli/hacking-sql/sqlmap.md)
- [In-Band](https://www.hackbook.io/web-application-hacking/web-techniques/sqli/hacking-sql/in-band.md)
- [Error Based](https://www.hackbook.io/web-application-hacking/web-techniques/sqli/hacking-sql/error-based.md)
- [Blind](https://www.hackbook.io/web-application-hacking/web-techniques/sqli/hacking-sql/blind.md)
- [Authorization](https://www.hackbook.io/web-application-hacking/web-techniques/authorization.md)
- [Session Hijacking](https://www.hackbook.io/web-application-hacking/web-techniques/session-hijacking.md)
- [Command Injection](https://www.hackbook.io/web-application-hacking/web-techniques/command-injection.md)
- [Insecure Deserialization](https://www.hackbook.io/web-application-hacking/web-techniques/insecure-deserialization.md)
- [File Uploads](https://www.hackbook.io/web-application-hacking/web-techniques/file-uploads.md)
- [File Upload Mitigations](https://www.hackbook.io/web-application-hacking/web-techniques/file-uploads/file-upload-mitigations.md)
- [HPP](https://www.hackbook.io/web-application-hacking/web-techniques/hpp.md): HTTP Parameter Pollution
- [Click Jacking](https://www.hackbook.io/web-application-hacking/web-techniques/click-jacking.md): aka: UI Redressing
- [Adobe SWF Investigator](https://www.hackbook.io/web-application-hacking/web-techniques/click-jacking/adobe-swf-investigator.md)
- [HTTP Response Splitting](https://www.hackbook.io/web-application-hacking/web-techniques/http-response-splitting.md)
- [Flash 101](https://www.hackbook.io/web-application-hacking/web-techniques/flash.md)
- [Flash Hacking](https://www.hackbook.io/web-application-hacking/web-techniques/flash/flash-hacking.md)
- [HTML5](https://www.hackbook.io/web-application-hacking/web-techniques/html5.md)
- [WebSockets](https://www.hackbook.io/web-application-hacking/web-techniques/html5/websockets.md)
- [CORS](https://www.hackbook.io/web-application-hacking/web-techniques/html5/cors.md)
- [iframe](https://www.hackbook.io/web-application-hacking/web-techniques/html5/cors/iframe.md)
- [Headers](https://www.hackbook.io/web-application-hacking/web-techniques/html5/cors/headers.md)
- [Web Hacking Procedures](https://www.hackbook.io/web-application-hacking/web-hacking-procedures.md)
- [Captcha](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/captcha.md)
- [Username Generation](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/username-generation.md)
- [Username Enumeration](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/username-enumeration.md)
- [Inhouse WebApps](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/inhouse.md): Sometimes smaller sites will make inhouse/proprietary Webapp solutions.
- [SSL Cert Generation](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/ssl-cert-generation.md): Using OpenSSL
- [CMS](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/cms.md): Content Management System Categories
- [WordPress](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/cms/wordpress.md)
- [Joomla](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/cms/joomla.md)
- [Popular Exploits](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/popular-exploits.md)
- [Bludit CMS](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/popular-exploits/bludit-cms.md)
- [ShellShock](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/popular-exploits/shellshock.md)
- [WebDav](https://www.hackbook.io/web-application-hacking/web-hacking-procedures/popular-exploits/webdav.md)
