# Web Pentesting

- [Introduction to HTTP and web](/pentips/web-pentesting/web.md)
- [Enumeration](/pentips/web-pentesting/enumeration.md)
- [OWASP Top 10](/pentips/web-pentesting/owasptop10.md)
- [General Methodo & Misc Tips](/pentips/web-pentesting/misc-tips.md)
- [Web Services and API](/pentips/web-pentesting/api.md)
- [Vunerabilities and attacks](/pentips/web-pentesting/webvulns.md)
- [Clickjacking](/pentips/web-pentesting/webvulns/clickjacking.md)
- [CORS (Misconfigurations)](/pentips/web-pentesting/webvulns/cors.md)
- [CSRF](/pentips/web-pentesting/webvulns/csrf.md)
- [SSRF](/pentips/web-pentesting/webvulns/ssrf.md)
- [Bypass captcha](/pentips/web-pentesting/webvulns/captcha-bypass.md)
- [Template Injection (client and server side)](/pentips/web-pentesting/webvulns/template-injection.md)
- [MFA bypass](/pentips/web-pentesting/webvulns/mfa-bypass.md)
- [XXE](/pentips/web-pentesting/webvulns/xxe.md)
- [Exposed git folder](/pentips/web-pentesting/exposed-git.md)
- [Docker exploitation and Docker vulnerabilities](/pentips/web-pentesting/docker-exploitation.md)
- [Websockets](/pentips/web-pentesting/websockets.md)