# Web Application

- [Top 100 web vulnerabilities](/bug-bounty-notes/web-application/top-100-web-vulnerabilities.md)
- [Introducing 20 web-application hacking tools🔥🤩🌵](/bug-bounty-notes/web-application/introducing-20-web-application-hacking-tools.md)
- [Comprehensive Web Application Testing Checklist](/bug-bounty-notes/web-application/comprehensive-web-application-testing-checklist.md)
- [Unveiling Open Ports with Advanced Techniques](/bug-bounty-notes/web-application/unveiling-open-ports-with-advanced-techniques.md)
- [The Art of XSS Exploitation](/bug-bounty-notes/web-application/the-art-of-xss-exploitation.md)
- [Crucial WordPress Security Misconfiguration You Need to Know](/bug-bounty-notes/web-application/crucial-wordpress-security-misconfiguration-you-need-to-know.md)
- [Understanding SSRF Vulnerabilities and Their Impact](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact.md): Ref: https://hackerone.com/reports/1864188
- [Exploring the Canvas: Common Exploits for Accessing Internal Pages](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/exploring-the-canvas-common-exploits-for-accessing-internal-pages.md)
- [Revealing Hidden Treasures: Accessing Internal Files via URL Scheme](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/revealing-hidden-treasures-accessing-internal-files-via-url-scheme.md)
- [Connecting to Services via URL Schemes](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/connecting-to-services-via-url-schemes.md)
- [Mastering SSRF Exploits: Unraveling Gopher's Web of Intrigue](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/mastering-ssrf-exploits-unraveling-gophers-web-of-intrigue.md)
- [XSPA: Navigating the Labyrinth of Port Scanning in SSRF](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/xspa-navigating-the-labyrinth-of-port-scanning-in-ssrf.md)
- [Unveiling the Secrets of Cloud Provider Metadata Through SSRF](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/unveiling-the-secrets-of-cloud-provider-metadata-through-ssrf.md)
- [Unlocking Forbidden Territories: Mastering Blacklist Bypass Techniques](/bug-bounty-notes/web-application/understanding-ssrf-vulnerabilities-and-their-impact/unlocking-forbidden-territories-mastering-blacklist-bypass-techniques.md)
- [Mastering Subdomain Takeovers](/bug-bounty-notes/web-application/mastering-subdomain-takeovers.md)
- [Comprehensive Guide to Web Content Discovery: Tools, Techniques, and Tips](/bug-bounty-notes/web-application/comprehensive-guide-to-web-content-discovery-tools-techniques-and-tips.md)
- [Exploring XPath Injection: Basics, Techniques, and Creative Exploitation](/bug-bounty-notes/web-application/exploring-xpath-injection-basics-techniques-and-creative-exploitation.md)
- [Understanding JSON API: A Comprehensive Guide](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide.md)
- [API Security Cheat Sheet PART - 1](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-1.md): Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 2](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-2.md): Extended Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 3](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-3.md): Further Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 4](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-4.md): Diverse Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 5](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-5.md): Varied Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 6](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-6.md): Diverse Authentication Techniques and Their Security Implications (continued)
- [API Security Cheat Sheet PART - 7](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-7.md): Advanced Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 8](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-8.md): Innovative Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 9](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-9.md): Complex Authentication Techniques and Their Security Implications
- [API Security Cheat Sheet PART - 10](/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide/api-security-cheat-sheet-part-10.md): Sophisticated Authentication Techniques and Their Security Implications
- [De-serialization Attack](/bug-bounty-notes/web-application/de-serialization-attack.md)
- [Understanding Common API Vulnerabilities: A Deep Dive](/bug-bounty-notes/web-application/understanding-common-api-vulnerabilities-a-deep-dive.md)
- [Technology Identification](/bug-bounty-notes/web-application/technology-identification.md)
- [Link Extraction Tools](/bug-bounty-notes/web-application/link-extraction-tools.md)
- [Parameter and Web Fuzzing Tools](/bug-bounty-notes/web-application/parameter-and-web-fuzzing-tools.md)
- [Screenshots](/bug-bounty-notes/web-application/screenshots.md)
- [File Inclusion,CSRF Injection,Directory Traversal](/bug-bounty-notes/web-application/file-inclusion-csrf-injection-directory-traversal.md)
- [GraphQL Injection,Insecure Deserialization,Header Injection](/bug-bounty-notes/web-application/graphql-injection-insecure-deserialization-header-injection.md)
- [Exploitation Tools Categorized by Vulnerability Type](/bug-bounty-notes/web-application/exploitation-tools-categorized-by-vulnerability-type.md)
- [Insecure Direct Object References, Open Redirect, Request Smuggling](/bug-bounty-notes/web-application/insecure-direct-object-references-open-redirect-request-smuggling.md)
- [Disclosed Reports 📝](/bug-bounty-notes/web-application/disclosed-reports.md)
- [Web Hack Tools](/bug-bounty-notes/web-application/web-hack-tools.md)