{"version":1,"pages":[{"id":"6M6U5te83qwyF7g793KX","title":"Index < START HERE","pathname":"/appsecexplained","siteSpaceId":"sitesp_4wUzj","description":""},{"id":"pSMs6aYWDi6f5mE3tLmR","title":"My courses","pathname":"/appsecexplained/index-less-than-start-here/my-courses","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Index < START HERE"}]},{"id":"gUxOroTFPliiaGKGa15h","title":"How to get started from zero","pathname":"/appsecexplained/index-less-than-start-here/how-to-get-started-from-zero","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Index < START HERE"}]},{"id":"3fDvowcG8hJlENmOlqj5","title":"Live Stream Content","pathname":"/appsecexplained/live-stream-content","siteSpaceId":"sitesp_4wUzj","emoji":"1f4fd"},{"id":"fxxK4QTCMMeHKeEAV0GB","title":"Resource of the week","pathname":"/appsecexplained/live-stream-content/resource-of-the-week","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Live Stream Content","emoji":"1f4fd"}]},{"id":"ayc47cTtHA2L68rFMvkB","title":"Methodology","pathname":"/appsecexplained/discovery-recon/methodology","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Discovery / Recon"}]},{"id":"StU579RlGeR7xZMtu7kn","title":"Content discovery / recon","pathname":"/appsecexplained/discovery-recon/content-discovery-recon","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Discovery / Recon"}]},{"id":"U37nCdxuiV9BHtFPsViL","title":"Subdomains","pathname":"/appsecexplained/discovery-recon/content-discovery-recon/subdomains","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Discovery / Recon"},{"label":"Content discovery / recon"}]},{"id":"Dy8HGRUYYGdWV2QDmeP6","title":"Endpoints","pathname":"/appsecexplained/discovery-recon/content-discovery-recon/endpoints","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Discovery / Recon"},{"label":"Content discovery / recon"}]},{"id":"Skg9yMNcpq1a9jWfVgZy","title":"Parameters","pathname":"/appsecexplained/discovery-recon/content-discovery-recon/parameters","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Discovery / Recon"},{"label":"Content discovery / recon"}]},{"id":"mptYLHMOTMm7S9neUwN3","title":"Spidering","pathname":"/appsecexplained/discovery-recon/content-discovery-recon/spidering","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Discovery / Recon"},{"label":"Content discovery / recon"}]},{"id":"K7GvP2bxyd4ob3OgHOwP","title":"SQL injection overview","pathname":"/appsecexplained/common-vulns/sql-injection-overview","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"56zvH6NB8PbuV5oSvs4E","title":"Detection","pathname":"/appsecexplained/common-vulns/sql-injection-overview/detection","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"SQL injection overview"}]},{"id":"yzolDLADlDtTVFqVBAp1","title":"Blind SQLi","pathname":"/appsecexplained/common-vulns/sql-injection-overview/blind-sqli","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"SQL injection overview"}]},{"id":"ioSi5mTxw6bxTzeEr4vi","title":"Second-order SQLi","pathname":"/appsecexplained/common-vulns/sql-injection-overview/second-order-sqli","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"SQL injection overview"}]},{"id":"4z1cjJ94VwYU1HF992B6","title":"SQLi lab setup & writeups","pathname":"/appsecexplained/common-vulns/sql-injection-overview/sqli-lab-setup-and-writeups","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"SQL injection overview"}]},{"id":"flDdnWvI4J6nwzsjG5cM","title":"NoSQL injection","pathname":"/appsecexplained/common-vulns/nosql-injection","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"}]},{"id":"Olo3qQAmDS0TPM0TxTUb","title":"JavaScript injection (XSS)","pathname":"/appsecexplained/common-vulns/javascript-injection-xss","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"iSFwjiI4EBf18J4luITZ","title":"XSS Methodology","pathname":"/appsecexplained/common-vulns/javascript-injection-xss/xss-methodology","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"JavaScript injection (XSS)"}]},{"id":"tg8YgnirUMnWrwL6TLZ6","title":"File Inclusion","pathname":"/appsecexplained/common-vulns/file-inclusion","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"}]},{"id":"yQH335Xr8J00kTtVDxvh","title":"Local file inclusion","pathname":"/appsecexplained/common-vulns/file-inclusion/local-file-inclusion","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"File Inclusion"}]},{"id":"JxGMZIjCZKUst7TSDLf1","title":"Directory traversal","pathname":"/appsecexplained/common-vulns/file-inclusion/local-file-inclusion/directory-traversal","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"File Inclusion"},{"label":"Local file inclusion"}]},{"id":"cZI2iwXw1bRTwRtdWJlb","title":"Command injection","pathname":"/appsecexplained/common-vulns/command-injection","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"idUQBNdX5eu8doQu1VKM","title":"XXE (XML external entity) injection","pathname":"/appsecexplained/common-vulns/xxe-xml-external-entity-injection","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"RdpH2Tzn5uaiwopaWtwM","title":"Blind XXE","pathname":"/appsecexplained/common-vulns/xxe-xml-external-entity-injection/blind-xxe","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"XXE (XML external entity) injection"}]},{"id":"fHlA8KTjMCzagFgvIVTQ","title":"Template injection","pathname":"/appsecexplained/common-vulns/template-injection","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"OBzLEL2god9uvBiLHOfu","title":"Server-side template injection","pathname":"/appsecexplained/common-vulns/template-injection/server-side-template-injection","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Template injection"}]},{"id":"9Pci7xaadxd7CUBANYyj","title":"Client-side template injection","pathname":"/appsecexplained/common-vulns/template-injection/client-side-template-injection","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Template injection"}]},{"id":"mLbZsfG45YavcuuqYsX5","title":"Authentication","pathname":"/appsecexplained/common-vulns/authentication","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"0onbsm93eHN5s8Q0nGrZ","title":"Attacking password-based authentication","pathname":"/appsecexplained/common-vulns/authentication/attacking-password-based-authentication","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"Authentication"}]},{"id":"RWTryNBP9gRLBZbh0bzP","title":"Attacking MFA","pathname":"/appsecexplained/common-vulns/authentication/attacking-mfa","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Authentication"}]},{"id":"5OJiVrkMFa1R0bOvR2r4","title":"Authentication lab setup & writeups","pathname":"/appsecexplained/common-vulns/authentication/authentication-lab-setup-and-writeups","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"Authentication"}]},{"id":"CCge71buhJSdJl1s7eUn","title":"Cross-Site Request Forgery (CSRF)","pathname":"/appsecexplained/common-vulns/cross-site-request-forgery-csrf","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"htvmYqeMo82Iekpmvdmz","title":"Insecure deserialization","pathname":"/appsecexplained/common-vulns/insecure-deserialization","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"6wSuihtZACc7YPFcvbNE","title":"PHP","pathname":"/appsecexplained/common-vulns/insecure-deserialization/php","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Insecure deserialization"}]},{"id":"3v20iryCswIAjDThbHxE","title":"Java","pathname":"/appsecexplained/common-vulns/insecure-deserialization/java","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Insecure deserialization"}]},{"id":"ILkwIJEIvWTvHuXo5TRz","title":"Python","pathname":"/appsecexplained/common-vulns/insecure-deserialization/python","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Insecure deserialization"}]},{"id":"MJ09CiMM1q7gDu0pIWaC","title":".NET","pathname":"/appsecexplained/common-vulns/insecure-deserialization/.net","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Insecure deserialization"}]},{"id":"iv1RsqDvHz6KPF1o9doq","title":"Server-side request forgery (SSRF)","pathname":"/appsecexplained/common-vulns/server-side-request-forgery-ssrf","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"oAjutWy24SLJeL9U0tlv","title":"Insecure file upload","pathname":"/appsecexplained/common-vulns/insecure-file-upload","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"e82NyJ99D0vEh1krGJw0","title":"Clickjacking","pathname":"/appsecexplained/common-vulns/clickjacking","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"EIc2wvLMNDrKjbsorIgP","title":"Open redirect","pathname":"/appsecexplained/common-vulns/open-redirect","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"0IRB9uS5VDBla5Wh1UzL","title":"Vulnerable components","pathname":"/appsecexplained/common-vulns/vulnerable-components","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"xZ9azk7hnjAh9ms2HVLf","title":"Race conditions","pathname":"/appsecexplained/common-vulns/race-conditions","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"}]},{"id":"YVtULasmxaa6ybYs0Q6y","title":"Limit overrun","pathname":"/appsecexplained/common-vulns/race-conditions/limit-overrun","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Common vulns"},{"label":"Race conditions"}]},{"id":"oRvWi8NvLNSARfledSun","title":"Prototype pollution","pathname":"/appsecexplained/common-vulns/prototype-pollution","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"CD2U0NaXqAWn6n5ZIIMG","title":"Client-side prototype pollution","pathname":"/appsecexplained/common-vulns/prototype-pollution/client-side-prototype-pollution","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"Prototype pollution"}]},{"id":"D3RplWTbdUHG0qwqJWSP","title":"APIs","pathname":"/appsecexplained/common-vulns/apis","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"}]},{"id":"GkUMugkOHLe5rX2IBmtK","title":"API: BOLA","pathname":"/appsecexplained/common-vulns/apis/api-bola","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"APIs"}]},{"id":"BPVM9QgsSnLcygT6lB3s","title":"API: Broken authentication","pathname":"/appsecexplained/common-vulns/apis/api-broken-authentication","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"APIs"}]},{"id":"A4dsvfvdESmv5kCaydrY","title":"BOPLA","pathname":"/appsecexplained/common-vulns/apis/bopla","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"APIs"}]},{"id":"cz5VN3kJk0JUfVKTmHds","title":"API: BFLA","pathname":"/appsecexplained/common-vulns/apis/api-bfla","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Common vulns"},{"label":"APIs"}]},{"id":"mC2DhNwmMY5Gky5lt3un","title":"Rate limiting","pathname":"/appsecexplained/bypassing-controls/rate-limiting","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Bypassing controls"}]},{"id":"eaGKJP8wNbCw4w3NFuQ4","title":"WAF Bypasses","pathname":"/appsecexplained/bypassing-controls/waf-bypasses","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Bypassing controls"}]},{"id":"bxWtMbEGofIhSiPPmmdv","title":"Docker-compose.yml files","pathname":"/appsecexplained/scripts/docker-compose.yml-files","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"}]},{"id":"9m4ipnbce0PqOfFz8Qj6","title":"Wordpress","pathname":"/appsecexplained/scripts/docker-compose.yml-files/wordpress","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"},{"label":"Docker-compose.yml files"}]},{"id":"c8OYbYlgr4yAOOLaxwKi","title":"SQLi testing labs","pathname":"/appsecexplained/scripts/docker-compose.yml-files/sqli-testing-labs","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"},{"label":"Docker-compose.yml files"}]},{"id":"VaCyOtXcSTK8BuX3AK1u","title":"PHP scripts","pathname":"/appsecexplained/scripts/php-scripts","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"}]},{"id":"v3aPbzeP6qARfwGh6j05","title":"RCE Function Check","pathname":"/appsecexplained/scripts/php-scripts/rce-function-check","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"},{"label":"PHP scripts"}]},{"id":"dAakQEWKPwfejMcI4ENY","title":"Wordlists","pathname":"/appsecexplained/scripts/wordlists","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"}]},{"id":"GOJGepcfnQQHNnlsxdA2","title":"Single characters","pathname":"/appsecexplained/scripts/wordlists/single-characters","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"},{"label":"Wordlists"}]},{"id":"CVS8yYO78l6X3Wh6GOmb","title":"SQLi","pathname":"/appsecexplained/scripts/wordlists/sqli","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Scripts"},{"label":"Wordlists"}]},{"id":"RTiTuiXj6FjRm0bEGrjN","title":"Getting started","pathname":"/appsecexplained/code-review/getting-started","siteSpaceId":"sitesp_4wUzj","description":"","breadcrumbs":[{"label":"Code review"}]},{"id":"e1GXKzmK0PWIUJEwPQfw","title":"Sinks","pathname":"/appsecexplained/code-review/sinks","siteSpaceId":"sitesp_4wUzj","breadcrumbs":[{"label":"Code review"}]}]}