BUILDING BLOCKS
- HYPERTEXT TRANSFER PROTOCOL – TRANSPORTATION
- HYPERTEXT MARKUP LANGUAGE – REPRESENTATION
- CASCADING STYLE SHEETS – BEAUTIFICATION
- JAVASCRIPT – MODIFICATION
- CROSS-DOMAIN COMMUNICATION
  - SAME-ORIGIN POLICY
  - CROSS-ORIGIN RESOURCE SHARING
  - WORKING ON CROSS-ORIGIN RESOURCE SHARING
  - CROSS-DOCUMENT MESSAGING
  - WEBSOCKET
- PERSISTENT ENTITIES
  - COOKIES
  - WEB STORAGE (LOCAL STORAGE AND SESSION STORAGE)
  - INDEXEDDB API
CLIENT-SIDE ATTACKS
- INSECURE COMMUNICATION
  - MAN-IN-THE-MIDDLE ATTACKS
  - CACHEABLE HTTP RESPONSES
- INSECURE CROSS-DOMAIN COMMUNICATION
  - INSECURE CORS CONFIGURATION
  - CROSS-SITE WEBSOCKET HIJACKING
  - INSECURE CROSS-DOCUMENT MESSAGING
  - CROSS-SITE SCRIPT INCLUSION (JSONP ATTACKS)
- LACK OF INPUT VALIDATION
  - CROSS-SITE SCRIPTING
  - CROSS-FRAME SCRIPTING
  - HTML INJECTION
  - SESSION HIJACKING
- INFORMATION LEAKAGE
  - SUBRESOURCE INTEGRITY
  - REFERER HEADER LEAKAGE
- INSECURE FILE PROCESSING
  - MIME SNIFFING
  - POLYGLOT FILE UPLOADS
- BYPASSING CLIENT-SIDE VALIDATIONS
  - BYPASSING HTML5 REGEXES
  - TAMPERING WITH HTTP REQUESTS USING A PROXY
- ABUSE OF FUNCTIONALITY
  - ATTACKING CONTENT-SECURITY-POLICY MISCONFIGURATIONS
  - EXPLOITING WEB STORAGE (LOCAL STORAGE AND SESSION STORAGE)
  - CLICKJACKING
  - CROSS-SITE REQUEST FORGERY
- CLIENT-SIDE PARAMETER PROCESSING
  - DOM CLOBBERING ATTACK
  - REVERSE TABNABBING
  - REFLECTED FILE DOWNLOAD ATTACK
DEFENSIVE STRATEGIES
- SECURE COMMUNICATION
  - USAGE OF STRICT-TRANSPORT-SECURITY HEADER
  - USAGE OF CACHING DIRECTIVES
- SECURE CROSS-DOMAIN COMMUNICATION
  - SECURE CROSS-ORIGIN RESOURCE SHARING
  - SECURE WEBSOCKET IMPLEMENTATION
  - SECURE POSTMESSAGE COMMUNICATION
- INPUT VALIDATIONS
  - CROSS-SITE SCRIPTING
  - HTML INJECTION
  - PREVENTING DOM CLOBBERING ATTACKS
- INFORMATION LEAKAGE
  - SUBRESOURCE INTEGRITY
  - PREVENTION OF REFERER HEADER LEAKAGE
- SECURE COOKIE ATTRIBUTES
- CONTENT SECURITY POLICY
- BROWSER FEATURE POLICY
- JAVASCRIPT FRAMEWORK SECURITY FEATURES