1. Server-Side Request Forgery
* Basic SSRF against the local server
* Basic SSRF against another back-end system
* SSRF with blacklist-based input filter
* SSRF with whitelist-based input filter
* Bypassing SSRF filters via open redirection
2. Price Tampering Vulnerabilities
* Business logic vulnerabilities
* Excessive trust in client-side controls
* High-level logic vulnerability
3. Cross-Site Scripting (XSS)
* How does XSS work?
* XSS proof of concept
* Reflected cross-site scripting
* Stored cross-site scripting
* DOM-based cross-site scripting
4. Insecure Direct Object Reference (IDOR)
* Reflected cross-site scripting
5. Full Path Disclosure (FPD)
* Dirsearch: Directory Search
* DirBuster: Directory Search
* DIRB: Web Fuzzer
6. Local File Inclusion (LFI)
* Directory Traversal
7. FTP Exploit Reverse Shell
* VSFTPD v2.3.4 Backdoor Command Execution
8. OS Command Injection
* Ways of injecting OS commands