Cheat Sheets
Deep-dive references with real-world-inspired bug walkthroughs, prevention strategy, and safe copy-ready testing strings.
XSS
What it is, detection clues, safe handling, and secure examples.
JWT
Token structure, validation checklist, and secure implementation examples.
IDOR (Access Control)
Broken object authorization explained with secure patterns and checks.
Common Bugs
SQLi, CSRF, SSRF, misconfig and auth bugs explained with defensive patterns.
Open Redirect
Detection cues and safe redirect patterns for apps and APIs.
SSRF
URL classifications, safe policies, and blocked-example tests.
CSRF
Defense strategies for cookies, APIs, and SPAs with examples.