# Web - [SQL injection (SQLi)](/the-pentesters-cheat-sheet/exploitation/web/sql-injection.md) - [Cross site scripting (XSS)](/the-pentesters-cheat-sheet/exploitation/web/cross-site-scripting.md) - [File inclusions (LFI, RFI)](/the-pentesters-cheat-sheet/exploitation/web/file-inclusions.md) - [Directory traversal](/the-pentesters-cheat-sheet/exploitation/web/directory-traversal.md) - [Cross site request forgery (CSRF)](/the-pentesters-cheat-sheet/exploitation/web/cross-site-request-forgery.md) - [XML external entity (XXE)](/the-pentesters-cheat-sheet/exploitation/web/xml-external-entity-injection.md) - [Cross origin resource sharing (CORS)](/the-pentesters-cheat-sheet/exploitation/web/cross-origin-resource-sharing.md) - [Server-side request forgery (SSRF)](/the-pentesters-cheat-sheet/exploitation/web/server-side-request-forgery.md) - [Server-side template injection (SSTI)](/the-pentesters-cheat-sheet/exploitation/web/server-side-template-injection.md) - [Access control vulnerabilities](/the-pentesters-cheat-sheet/exploitation/web/access-control.md) - [Authentication vulnerabilities](/the-pentesters-cheat-sheet/exploitation/web/authentication.md) - [JWT attacks](/the-pentesters-cheat-sheet/exploitation/web/jwt-attacks.md) - [File uploads](/the-pentesters-cheat-sheet/exploitation/web/file-uploads.md) - [Host header attacks](/the-pentesters-cheat-sheet/exploitation/web/host-header-attacks.md) - [Clickjacking](/the-pentesters-cheat-sheet/exploitation/web/clickjacking.md) - [Logic flaws](/the-pentesters-cheat-sheet/exploitation/web/logic-flaws.md) - [OS command injection](/the-pentesters-cheat-sheet/exploitation/web/os-command-injection.md) - [HTTP Request smuggling](/the-pentesters-cheat-sheet/exploitation/web/http-request-smuggling.md) - [Insecure deserialization](/the-pentesters-cheat-sheet/exploitation/web/insecure-deserialization.md) - [DOM-based](/the-pentesters-cheat-sheet/exploitation/web/dom-based.md) - [WebSockets](/the-pentesters-cheat-sheet/exploitation/web/websockets.md) - [Web cache poisoning](/the-pentesters-cheat-sheet/exploitation/web/web-cache-poisoning.md)