| Domain | Weight | Topics |
|---|---|---|
| Advanced Injection Techniques | 20% | Second-order SQLi, NoSQL injection, SSTI (all engines), blind injection chains |
| Server-Side Vulnerabilities | 20% | SSRF (cloud-focused), XXE (OOB), SSTI to RCE, deserialization gadget chains |
| Authentication & Session Exploitation | 15% | JWT attacks, OAuth ATO, SAML XML injection, session prediction |
| HTTP Smuggling & Cache Poisoning | 15% | CL.TE/TE.CL/HTTP2 desync, web cache deception, cache key injection |
| Prototype Pollution & DOM Attacks | 15% | JS prototype pollution to RCE, DOM clobbering, mXSS, CSTI exploitation |
| Advanced XSS & CORS | 15% | Stored XSS chains, CSP bypass, CORS exploitation, postMessage abuse |