# Web App Pentest

- [Tools](/web-app-pentest/tools.md)
- [Burp Suite](/web-app-pentest/tools/burp-suite.md)
- [THC-Hydra BruteForce](/web-app-pentest/tools/thc-hydra-bruteforce.md)
- [Injection](/web-app-pentest/injection.md)
- [SQL Injection](/web-app-pentest/injection/sql-injection.md)
- [Broken Authentication](/web-app-pentest/broken-authentication.md)
- [Sensitive Data Exposure](/web-app-pentest/sensitive-data-exposure.md)
- [SQLite3](/web-app-pentest/sensitive-data-exposure/sqlite3.md)
- [XML External Entity](/web-app-pentest/xml-external-entity.md)
- [XML Background](/web-app-pentest/xml-external-entity/xml-background.md)
- [XPath Injection](/web-app-pentest/xml-external-entity/xpath-injection.md)
- [Broken Access Control](/web-app-pentest/broken-access-control.md)
- [Security Misconfiguration](/web-app-pentest/security-misconfiguration.md)
- [Upload/Download](/web-app-pentest/upload-download.md)
- [Download Bypass: Poison Null Byte](/web-app-pentest/upload-download/error-only-.md-and-.pdf-files-are-allowed.md): Error: Only .md and .pdf files are allowed!
- [XSS](/web-app-pentest/xss.md)
- [DOMXSS](/web-app-pentest/xss/domxss.md)
- [Persistent XSS](/web-app-pentest/xss/persistent-xss.md)
- [Reflected (Client-side) XSS](/web-app-pentest/xss/reflected-client-side-xss.md)
- [Data URLs](/web-app-pentest/xss/data-urls.md)
- [Insecure Deserialization](/web-app-pentest/insecure-deserialization.md)
- [Components with Known Vulnerabilities](/web-app-pentest/components-with-known-vulnerabilities.md)
- [Insufficient Logging and Monitoring](/web-app-pentest/insufficient-logging-and-monitoring.md)
- [Server-Side Request Forgery (SSRF)](/web-app-pentest/server-side-request-forgery-ssrf.md)