# Web Application - [Abusing HTTP hop-by-hop Request Headers](/cheat-sheets/web-application/abusing-http-hop-by-hop-request-headers.md) - [Broken Authentication](/cheat-sheets/web-application/broken-authentication.md) - [Two-Factor Authentication Vulnerabilities](/cheat-sheets/web-application/broken-authentication/two-factor-authentication-vulnerabilities.md) - [Command Injection](/cheat-sheets/web-application/command-injection.md) - [Parameters Injection](/cheat-sheets/web-application/command-injection/parameters-injection.md) - [Content Security Policy](/cheat-sheets/web-application/content-security-policy.md) - [Cookie Security](/cheat-sheets/web-application/cookie-security.md) - [Cookie Bomb](/cheat-sheets/web-application/cookie-security/cookie-bomb.md) - [Cookie Jar Overflow](/cheat-sheets/web-application/cookie-security/cookie-jar-overflow.md) - [Cookie Tossing](/cheat-sheets/web-application/cookie-security/cookie-tossing.md) - [CORS Misconfiguration](/cheat-sheets/web-application/cors-misconfiguration.md) - [File Upload Vulnerabilities](/cheat-sheets/web-application/file-upload-vulnerabilities.md) - [GraphQL Vulnerabilities](/cheat-sheets/web-application/graphql-vulnerabilities.md) - [HTML Injection](/cheat-sheets/web-application/html-injection.md) - [base](/cheat-sheets/web-application/html-injection/base.md) - [iframe](/cheat-sheets/web-application/html-injection/iframe.md) - [meta](/cheat-sheets/web-application/html-injection/meta.md) - [target attribute](/cheat-sheets/web-application/html-injection/target.md) - [HTTP Header Security](/cheat-sheets/web-application/http-headers-security.md) - [HTTP Request Smuggling](/cheat-sheets/web-application/http-request-smuggling.md) - [Improper Rate Limits](/cheat-sheets/web-application/improper-rate-limits.md) - [JavaScript Prototype Pollution](/cheat-sheets/web-application/javascript-prototype-pollution.md) - [JSON Web Token Vulnerabilities](/cheat-sheets/web-application/json-web-token-vulnerabilities.md) - [OAuth 2.0 Vulnerabilities](/cheat-sheets/web-application/oauth-2.0-vulnerabilities.md) - [OpenID Connect Vulnerabilities](/cheat-sheets/web-application/oauth-2.0-vulnerabilities/openid-connect.md) - [Race Condition](/cheat-sheets/web-application/race-condition.md) - [Server Side Request Forgery](/cheat-sheets/web-application/server-side-request-forgery.md) - [Post Exploitation](/cheat-sheets/web-application/server-side-request-forgery/post-exploitation.md) - [Web Cache Poisoning](/cheat-sheets/web-application/web-cache-poisoning.md)