Summary
I am currently working on the TCM Security Practical Junior Web Tester certification. This page highlights the domains the certification covers, as a resource for study and reference while I work on it.
Technical Aspects
Attack Vectors Covered
- Authentication
- Authorization
- Local File Inclusion and Path Traversal
- Remote File Inclusion
- SQL Injection
- Cross-Site Scripting (XSS)
- Command Injection
- Server-Side Template Injection (SSTI)
- XML External Entity (XXE)
- Cross-Site Request Forgery (CSRF)
- Server-Side Request Forgery (SSRF)
PortSwigger Labs - Only Do Apprentice
- https://portswigger.net/web-security/authentication - Authentication
- https://portswigger.net/web-security/access-control - Authorization
- https://portswigger.net/web-security/file-path-traversal - Local File Inclusion (Not the same thing: Local File Inclusion is the ability to execute the file, while file path traversal is just the ability to see it.)
- https://portswigger.net/web-security/file-upload - Remote File Inclusion
- https://portswigger.net/web-security/learning-paths/sql-injection - SQL Injection
- https://portswigger.net/web-security/cross-site-scripting#what-is-cross-site-scripting-xss - Cross-Site Scripting (XSS)
- https://portswigger.net/web-security/os-command-injection - Command Injection
- https://portswigger.net/web-security/server-side-template-injection - Server-Side Template Injection
- https://portswigger.net/web-security/xxe - XML External Entity (XXE)
- https://portswigger.net/web-security/csrf - Cross-Site Request Forgery (CSRF)
- https://portswigger.net/web-security/ssrf - Server-Side Request Forgery (SSRF)